Totemoze and company..

djjs -
chimay8 Posts 7947 Status Security contributor -
Hello to the whole community,

Arghhh, I don't know how much time I have left, I feel at every reboot that my PC bugs more and more (freezing, slowing down, pop-up windows with their crappy antivirus..), could someone help me get rid of the nasty virus that must be rotting my system??
I cleaned with Malwarebytes and CCleaner but I still have totemoze.dll and notijku.dll, I think they must be partly responsible, no?
In any case here is the HijackThis report, unreadable to my eyes lol:

Thanks a lot if someone can help me ;-) Have a good day and a happy new year!

JS

19 replies

chimay8 Posts 7947 Status Security contributor 60
 
Hello,

- Download TrendMicro™ HijackThis™ by Merijn (diagnostic program) to your desktop.
- This version has no installer! (Zip to unpack)
- Save it to your desktop.

- On installation,
****Put it in its default directory, i.e.: C:\program files***

Important: Under Vista, right-click the Hijackthis.exe file or the shortcut, Properties, Compatibility tab, check:
"Run this program as an administrator"

installing hijackthis correctly:
https://forums.cnetfrance.fr

*** Close all open windows, and disconnect from the web***

- Double-click it
- Generate a report by following these instructions:
- Run it and click "Do a scan and save log file".
- The report opens in Notepad.
- Paste the report here, to do so:
- Edit menu / Select All
- Edit menu / Copy
- Here in a new message: right-click / Paste
- ** do not fix any lines without our advice **
Help: Don't hesitate to consult Malekal_morte's HiJackThis help
In pictures

- Once installed, rename it HJT.exe to counter a possible vundo infection
0
djjs
 
New attempt:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:27:51 PM, on 12/26/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\crypserv.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\WINDOWS\system32\oodag.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Toshiba\Tvs\TvsTray.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\RAMASST.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Pop-Up Stopper Free Edition\PSFree.exe
C:\WINDOWS\system32\rundll32.exe
C:\HJT.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://online-search.c.la/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://online-search.c.la/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://online-search.c.la/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {e7aa2de7-58d7-48f4-b96d-7bd408eb42ba} - C:\WINDOWS\system32\notijiku.dll (file missing)
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Tvs] C:\Program Files\Toshiba\Tvs\TvsTray.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [mogiluhehe] Rundll32.exe "C:\WINDOWS\system32\totemoze.dll",s
O4 - HKLM\..\Run: [002d7f3c] rundll32.exe "C:\WINDOWS\system32\pawehuhe.dll",b
O4 - HKLM\..\Run: [CPM031e4ca0] Rundll32.exe "C:\WINDOWS\system32\huzivewe.dll",a
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [mogiluhehe] Rundll32.exe "C:\WINDOWS\system32\totemoze.dll",s (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [mogiluhehe] Rundll32.exe "C:\WINDOWS\system32\totemoze.dll",s (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [mogiluhehe] Rundll32.exe "C:\WINDOWS\system32\totemoze.dll",s (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [mogiluhehe] Rundll32.exe "C:\WINDOWS\system32\totemoze.dll",s (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.toshibadirect.com/dpdstart
O16 - DPF: {05D96F71-87C6-11D3-9BE4-00902742D6E0} (Lotus Quickr Class) - http://e.absparis.com/qp2.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by126fd.bay126.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - https://www.eset.com/
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O20 - AppInit_DLLs: C:\WINDOWS\system32\moyajamu.dll c:\windows\system32\huzivewe.dll
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\huzivewe.dll
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\huzivewe.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Crypkey License - CrypKey (Canada) Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SonicStage Back-End Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
0
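As an added example (not code from the thread or from HijackThis itself), a small triage script for the log above: it pulls out the load points this infection uses, Run values that go through rundll32, AppInit_DLLs (O20), SSODL (O21), SharedTaskScheduler (O22) and nameless or missing BHOs (O2), and counts how many independent load points each DLL holds. The sample lines are a constructed excerpt of the posted log, and the "eight random lowercase letters" name check is an assumption drawn from the names in it.

```python
"""Triage a HijackThis log for the persistence points seen in this thread
and rank DLLs by how many of them each one occupies."""
import re
from collections import defaultdict

# Constructed sample: a subset of lines copied from the HijackThis log above.
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {e7aa2de7-58d7-48f4-b96d-7bd408eb42ba} - C:\WINDOWS\system32\notijiku.dll (file missing)
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [mogiluhehe] Rundll32.exe "C:\WINDOWS\system32\totemoze.dll",s
O4 - HKLM\..\Run: [002d7f3c] rundll32.exe "C:\WINDOWS\system32\pawehuhe.dll",b
O4 - HKLM\..\Run: [CPM031e4ca0] Rundll32.exe "C:\WINDOWS\system32\huzivewe.dll",a
O4 - HKUS\S-1-5-18\..\Run: [mogiluhehe] Rundll32.exe "C:\WINDOWS\system32\totemoze.dll",s (User 'SYSTEM')
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O20 - AppInit_DLLs: C:\WINDOWS\system32\moyajamu.dll c:\windows\system32\huzivewe.dll
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\huzivewe.dll
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\huzivewe.dll
"""

O4_RUN_RE = re.compile(r'^O4 - (?P<hive>.+?)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$')
# A *.dll path either in double quotes or as a bare whitespace-delimited token.
DLL_TOKEN_RE = re.compile(r'"([^"]+\.dll)"|(?<!\S)(\S+\.dll)(?!\S)', re.I)
# Heuristic (assumption): the family in this thread names its modules with
# eight random lowercase letters (totemoze, huzivewe, moyajamu, ...).
RANDOM_STEM_RE = re.compile(r'^[a-z]{8}$')


def dll_paths(text):
    """Every *.dll path in text. AppInit_DLLs is printed space-separated,
    which is also how Windows splits that registry value."""
    return [m.group(1) or m.group(2) for m in DLL_TOKEN_RE.finditer(text)]


def basename(path):
    return path.replace('/', '\\').rsplit('\\', 1)[-1].lower()


def is_random_name(path):
    return bool(RANDOM_STEM_RE.match(basename(path).rsplit('.', 1)[0]))


def triage(log):
    """Return {'dlls': {basename: [load points]}, 'bhos': [(name, path)]}."""
    load_points = defaultdict(set)
    bhos = []
    for line in log.splitlines():
        line = line.strip()
        tag, _, rest = line.partition(' - ')
        if tag == 'O4':
            m = O4_RUN_RE.match(line)
            # Only Run values hosted by rundll32: a DLL with no program of its
            # own, the pattern behind the mogiluhehe/002d7f3c entries.
            if m and m['cmd'].lower().startswith('rundll32'):
                for dll in dll_paths(m['cmd']):
                    load_points[basename(dll)].add(f"O4 {m['hive']} Run [{m['name']}]")
        elif tag == 'O20':
            for dll in dll_paths(rest.split(':', 1)[1]):
                load_points[basename(dll)].add('O20 AppInit_DLLs')
        elif tag in ('O21', 'O22'):
            label = 'O21 SSODL' if tag == 'O21' else 'O22 SharedTaskScheduler'
            for dll in dll_paths(rest.rsplit(' - ', 1)[-1]):
                load_points[basename(dll)].add(label)
        elif tag == 'O2':
            # "BHO: <name> - {CLSID} - <path>"; keep the part after the CLSID.
            name, _, tail = rest[len('BHO: '):].partition(' - ')
            path = tail.partition(' - ')[2]
            if name == '(no name)' or '(file missing)' in path:
                bhos.append((name, path))
    return {'dlls': {k: sorted(v) for k, v in load_points.items()}, 'bhos': bhos}


def rank(result):
    """(dll, load point count, random-name flag), most load points first.
    A DLL present in three or more places is the one to start from."""
    rows = [(dll, len(pts), is_random_name(dll)) for dll, pts in result['dlls'].items()]
    return sorted(rows, key=lambda r: (-r[1], not r[2], r[0]))


if __name__ == '__main__':
    res = triage(SAMPLE_LOG)
    for dll, n, rnd in rank(res):
        print(f"{dll:16} load points={n} random-name={rnd}: {', '.join(res['dlls'][dll])}")
    for name, path in res['bhos']:
        print(f"BHO to review: {name} -> {path}")
```

On the sample, huzivewe.dll comes out first with four load points (Run, AppInit_DLLs, SSODL and SharedTaskScheduler), which matches ComboFix later removing it from all of them.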
djjs
 
Nope, really nothing doing, every time I paste my report the post doesn't get published, it's annoying..
0
djjs
 
Thanks for the speed, wow that's bordering on inhuman lol!
I already tried to post the report but nothing doing, my post doesn't show up when I copy-paste it, I don't understand why.. Can I send it to you by email if that doesn't bother you?
0
chimay8 Posts 7947 Status Security contributor 60
 
relax, I've asked for it to be fished out
0
chimay8 Posts 7947 Status Security contributor 60
 
ok,

please do this

Download SDFix (created by AndyManchesta) and save it to your Desktop. You can follow Malekal's SDFix tutorial to help you:

Double-click SDFix.exe and choose Install to extract it into a dedicated folder on the Desktop. Restart your computer in safe mode following this procedure:
Restart your computer
After hearing the computer beep during startup, but before the Windows icon appears, tap the F8 key (one press per second).
Instead of the normal Windows loading, a menu with different options should appear.
Choose the first option, to run Windows in safe mode, then press "Enter".
Choose your account.

Go through the list of instructions below:
Open the SDFix folder that has just been created in the C:\ directory and double-click RunThis.bat to launch the script.
Press Y to start the cleaning.

It will delete the services and Registry entries of certain trojans it finds, then ask you to press a key to restart.
Press a key to restart the PC.
Your system will take longer than usual to restart because the tool will keep running and deleting files.
After the Desktop loads, the tool will finish its work and display Finished.

Press a key to finish running the script and load your Desktop icons.
Once the Desktop icons are displayed, the SDFix report will open on screen and will also be saved in the SDFix folder under the name Report.txt.
Finally, copy/paste the contents of the Report.txt file in your next reply on the forum, along with a new HijackThis log!

If SDFix won't launch
Click Start > Run
Copy/paste this:
%systemroot%\system32\cmd.exe /K %systemdrive%\SDFix\apps\FixPath.exe

Click OK.
Restart and try to launch SDFix again.
0
djjs
 
Hi again Chimay, thanks for your explanations, I did try all that but the problem is I get the impression the software doesn't work here: when I launch it in safe mode the blue window appears, I type Y, explorer disappears and it says "checking processes and services" I think, but that's it, I left it running for almost an hour like that but nothing else happens, as if the software were running for nothing. I quit it and relaunched it but it's still the same.. Or does it really need to run for hours to check all that..?
0

chimay8 Posts 7947 Status Security contributor 60
 
no,
it shouldn't run that long

we're changing tactics

please read carefully what is written

Download combofix: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Before downloading, click save, rename it killbagle and save it to the desktop
**if it asks you to install the console, accept (see below!)**

-> Double-click killbagle.exe.
-> Press the 1 key (Yes) to start the scan.
-> When the scan is complete, a report will appear. Copy/paste this report in your next reply.

NOTE: The report is also found here: C:\Combofix.txt

Before using ComboFix:

-> Disconnect from the internet and close the windows of all running programs.

Once done, on your desktop double-click killbagle.exe.

- Answer yes to the warning message so that the program starts scanning the PC.

/!\ For the duration of this step, do not use the PC and do not open any programs.

- At the end of the scan ComboFix may need to restart the PC to finalize the disinfection\search; let it do so.

- A report will then open in Notepad; this report file, Combofix.txt, is automatically saved and stored at C:\Combofix.txt

-> Come back to the forum, and copy and paste the full contents of C:\Combofix.txt in your next message.

*************** recovery console **********************

install the Recovery Console on your PC (this will make it possible to repair your system in case the PC no longer boots after the disinfection.)

Click the link below to go to the Microsoft website:

https://support.microsoft.com/en-us/help/310994

scroll down to "Download the setup floppy disk program file" and click the download matching your version of Windows XP (Home or Professional) and the Service Pack you have installed.
**note: for SP3 download the Service Pack 2 one
for Windows XP Media Center download XP Pro Service Pack 2.

save it to your desktop.

drag and drop the file onto the combofix icon like this
http://img.bleepingcomputer.com/combofix/usage/rc.gif

Combofix will install the recovery console on your PC

at the end of the installation, combofix will display a message telling you the console is installed.
0
djjs
 
Hi again Chimay!
Sorry for the delay, I had to leave for work but I was able to do everything you told me and it seems to have worked fine (oh, except that 3 or 4 times now the computer can't shut down anymore, I have to hold the power button for 5 seconds otherwise Windows stays stuck on the shutdown screen.. it happened when combofix wanted to restart it..)

Anyway here is the report, I suppose it won't get posted, it'll surely have to be fished out.

See you later and thanks!

ComboFix 09-01-08.01 - Jean-Sebastien 2009-01-08 23:16:45.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.33.1033.18.1014.641 [GMT 0:00]
Lancé depuis: c:\documents and settings\Jean-Sebastien\Desktop\killbagle.exe
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Autorun.inf
c:\documents and settings\Guest\Local Settings\Temporary Internet Files\Dxc.log
c:\documents and settings\Jean-Sebastien\Application Data\Dxcdmns.dll
c:\documents and settings\Jean-Sebastien\Application Data\Dxcuknwrd.dll
C:\resycled
c:\resycled\boot.com
c:\windows\k.txt
c:\windows\system32\drivers\msqpdxxcbivkyt.sys
c:\windows\system32\dumphive.exe
c:\windows\system32\ehuhewap.ini
c:\windows\system32\huzivewe.dll
c:\windows\system32\lsprst7.dll
c:\windows\system32\m.ico
c:\windows\system32\mantec~1
c:\windows\system32\mantec~1\??mantec\
c:\windows\system32\moyajamu.dll
c:\windows\system32\msqpdxaxjadixs.dll
c:\windows\system32\nsprs.dll
c:\windows\system32\pawehuhe.dll
c:\windows\system32\Process.exe
c:\windows\system32\s.ico
c:\windows\system32\siduzeji.dll
c:\windows\system32\SrchSTS.exe
c:\windows\system32\ssprs.dll
c:\windows\system32\tmp.reg
c:\windows\system32\tsks~1
c:\windows\system32\wobezozu.dll
c:\windows\system32\wtssvsu.exe
c:\windows\system32\yaluvufa.dll

.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_MSQPDXSERV.SYS
-------\Service_MSQPDXSERV.SYS
-------\Legacy_WINDOWS_OVERLAY_COMPONENTS
-------\Service_Windows Overlay Components

((((((((((((((((((((((((((((( Fichiers créés du 2008-12-08 au 2009-01-08 ))))))))))))))))))))))))))))))))))))
.

2009-01-08 23:34 . 2009-01-08 23:34 268 --ah----- C:\sqmdata02.sqm
2009-01-08 23:34 . 2009-01-08 23:34 244 --ah----- C:\sqmnoopt02.sqm
2009-01-05 16:51 . 2009-01-08 23:25 55,121 --a------ c:\windows\system32\oodbs.lor
2009-01-05 09:15 . 2008-12-25 00:43 <DIR> d-------- c:\windows\system32\oodag
2009-01-05 09:03 . 2009-01-05 09:03 <DIR> d-------- c:\program files\OO Software
2008-12-26 13:38 . 2008-12-26 13:38 <DIR> d-------- c:\windows\ERUNT
2008-12-26 13:19 . 2008-12-26 22:34 <DIR> d-------- C:\SDFix
2008-12-25 15:06 . 2008-12-25 15:06 54,156 --ah----- c:\windows\QTFont.qfn
2008-12-25 15:06 . 2008-12-25 15:06 1,409 --a------ c:\windows\QTFont.for
2008-12-25 00:59 . 2008-12-25 00:59 74,752 --a------ c:\windows\system32\drivers\msqpdxjkxvnsrq.sys
2008-12-24 10:40 . 2008-12-24 10:40 268 --ah----- C:\sqmdata01.sqm
2008-12-24 10:40 . 2008-12-24 10:40 244 --ah----- C:\sqmnoopt01.sqm
2008-12-24 09:23 . 2008-12-24 09:23 268 --ah----- C:\sqmdata00.sqm
2008-12-24 09:23 . 2008-12-24 09:23 244 --ah----- C:\sqmnoopt00.sqm
2008-12-23 10:42 . 2002-02-28 09:46 217,088 --a------ c:\windows\system32\DartSock.dll
2008-12-23 10:42 . 2002-02-21 10:12 118,784 --a------ c:\windows\system32\DartWeb.dll
2008-12-23 10:42 . 1998-06-18 00:00 89,360 --a------ c:\windows\system32\VB5DB.DLL
2008-12-23 10:42 . 1998-06-13 22:53 44,544 --a------ c:\windows\system32\Gif89.dll
2008-12-23 10:42 . 2002-04-12 13:19 28,672 --a------ c:\windows\system32\DartWeb.oca
2008-12-23 10:34 . 2008-12-23 10:34 0 --a------ c:\windows\oodcnt.INI
2008-12-23 10:32 . 2002-02-18 18:40 6,200 --a------ c:\windows\system32\INT13EXT.VXD
2008-12-23 09:00 . 2008-12-23 10:42 <DIR> d-------- c:\program files\PhotoRescue Pro
2008-12-22 00:17 . 2008-12-22 00:17 <DIR> d-------- c:\program files\Microsoft Silverlight
2008-12-12 07:38 . 2008-10-24 11:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys
2008-12-12 07:34 . 2008-09-04 17:15 1,106,944 -----c--- c:\windows\system32\dllcache\msxml3.dll

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-08 07:47 --------- d-----w c:\documents and settings\All Users\Application Data\AntiVir PersonalEdition Classic
2008-12-29 10:42 --------- d-----w c:\program files\eMule
2008-12-26 14:09 5,632 --sha-w c:\program files\Thumbs.db
2008-12-23 19:18 --------- d-----w c:\documents and settings\Jean-Sebastien\Application Data\Vso
2008-12-23 11:18 --------- d-----w c:\program files\IsoBuster
2008-12-23 10:42 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-23 10:30 --------- d-----w c:\program files\PC Inspector File Recovery
2008-12-23 09:59 17,068,064 --sha-w c:\windows\system32\drivers\fidbox.dat
2008-12-23 02:01 200,120 --sha-w c:\windows\system32\drivers\fidbox.idx
2008-12-12 02:44 --------- d-----w c:\program files\DivX
2008-10-24 08:38 102,344 ----a-w c:\documents and settings\Jean-Sebastien\Application Data\GDIPFONTCACHEV1.DAT
2008-10-12 10:32 401,720 ----a-w C:\HJT.exe
2006-10-30 22:53 0 ----a-w c:\documents and settings\Jean-Sebastien\Application Data\wklnhst.dat
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-11-28 98304]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-11-28 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-11-28 118784]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"THotkey"="c:\program files\Toshiba\Toshiba Applet\thotkey.exe" [2006-01-05 352256]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-12-16 761945]
"Tvs"="c:\program files\Toshiba\Tvs\TvsTray.exe" [2005-11-30 73728]
"avgnt"="c:\program files\AntiVir PersonalEdition Classic\avgnt.exe" [2008-08-17 266497]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-12-13 919016]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-06-29 286720]
"TPSMain"="TPSMain.exe" [2005-06-01 c:\windows\system32\TPSMain.exe]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]
RAMASST.lnk - c:\windows\system32\RAMASST.exe [2006-02-15 155648]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.MJPG"= m3jpeg32.dll
"vidc.dmb1"= m3jpeg32.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\[u]0/uOODBS

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli c:\windows\system32\moyajamu.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\TOSHIBA\\ivp\\NetInt\\Netint.exe"=
"c:\\TOSHIBA\\Ivp\\ISM\\pinger.exe"= c:\\TOSHIBA\\IVP\\ISM\\pinger.exe
"c:\\Program Files\\Medal of Honor Pacific Assault\\mohpa.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=
"c:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\Ubisoft\\Far Cry\\Bin32\\FarCry.exe"=
"c:\\Program Files\\VLC\\vlc.exe"=
"c:\\Team17\\Worms 4 Mayhem\\WORMS 4 MAYHEM.EXE"=
"c:\\Program Files\\Cossacks\\dmcr.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\WINDOWS\\system32\\TPSBattM.exe"=
"c:\\Program Files\\TOSHIBA\\ConfigFree\\CFSvcs.exe"=
"c:\\Program Files\\AntiVir PersonalEdition Classic\\sched.exe"=
"c:\\Program Files\\Microsoft LifeCam\\MSCamS32.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R0 HWFProt;Hywave File Protector HWFProt;c:\windows\system32\drivers\HWFProt.sys [2006-10-28 44480]
S3 EAGLE2RC;Analog/DVB-T Hybrid Tv Infrared Receiver;c:\windows\system32\drivers\Eagle2RC.sys [2007-04-08 8576]
S3 Eagle2TV;TV tuner device;c:\windows\system32\drivers\Eagle2TV_B.sys [2007-04-08 384128]
S3 EWAVE;EWAVE;\??\c:\windows\system32\drivers\ew.sys --> c:\windows\system32\drivers\ew.sys [?]
S3 FILESPY;FILESPY;\??\c:\windows\system32\drivers\FILESPY.sys --> c:\windows\system32\drivers\FILESPY.sys [?]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [2008-10-04 13352]
S3 NETMDSHA;MDSHA031;c:\windows\system32\drivers\MDSHA031.sys [2008-06-22 35331]
S3 NSTATION;NSTATION;\??\c:\windows\system32\drivers\nstation.sys --> c:\windows\system32\drivers\nstation.sys [?]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{009481ed-0eff-11dd-ad80-00130289d7c4}]
\Shell\AutoRun\command - E:\ekugb3.bat
\Shell\explore\Command - E:\ekugb3.bat
\Shell\open\Command - E:\ekugb3.bat

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0a4deddf-787c-11db-9535-00130289d7c4}]
\Shell\AutoRun\command - G:\setupSNK.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0a4dede0-787c-11db-9535-00130289d7c4}]
\Shell\AutoRun\command - E:\setupSNK.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{136e8d58-23f1-11dc-963b-00130289d7c4}]
\Shell\AutoRun\command - e:\wd_windows_tools\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{502d5c52-9c02-11dd-ae26-00130289d7c4}]
\Shell\AutoRun\command - jvebgmw.exe
\Shell\explore\Command - jvebgmw.exe
\Shell\open\Command - jvebgmw.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{66597937-a7a6-11dd-ae32-00130289d7c4}]
\Shell\AutoRun\command - E:\setupSNK.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9c42d4ea-cee4-11dd-8f6d-00130289d7c4}]
\Shell\AutoRun\command - 2u.com
\Shell\explore\Command - 2u.com
\Shell\open\Command - 2u.com
.
Contenu du dossier 'Tâches planifiées'

2008-12-24 c:\windows\Tasks\At1.job
- c:\documents and settings\Jean-Sebastien\Templates\Brengkolang.com []

2007-08-25 c:\windows\Tasks\Microsoft_Hardware_Launch_setup_exe.job
- D:\setup.exe []
.
- - - - ORPHELINS SUPPRIMES - - - -

BHO-{e7aa2de7-58d7-48f4-b96d-7bd408eb42ba} - c:\windows\system32\notijiku.dll
HKLM-Run-mogiluhehe - c:\windows\system32\totemoze.dll
HKU-Default-Run-mogiluhehe - c:\windows\system32\totemoze.dll
SharedTaskScheduler-{EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\huzivewe.dll

.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.yahoo.fr/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-08 23:34:42
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\msqpdxserv.sys]
"imagepath"="\systemroot\system32\drivers\msqpdxoydaaqje.sys"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*NULL*]

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\msqpdxserv.sys]
@DACL=(02 0000)
"start"=dword:00000001
"type"=dword:00000001
"group"="file system"
"imagepath"=expand:"\\systemroot\\system32\\drivers\\msqpdxoydaaqje.sys"
.
------------------------ Autres processus actifs ------------------------
.
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\AntiVir PersonalEdition Classic\sched.exe
c:\program files\AntiVir PersonalEdition Classic\avguard.exe
c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe
c:\windows\system32\Crypserv.exe
c:\windows\system32\DVDRAMSV.exe
c:\program files\Microsoft LifeCam\MSCamS32.exe
c:\windows\system32\oodag.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\toshiba\IVP\swupdate\swupdtmr.exe
c:\program files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\TPSBattM.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Heure de fin: 2009-01-08 23:39:24 - La machine a redémarré [Jean-Sebastien]
ComboFix-quarantined-files.txt 2009-01-08 23:39:20

Avant-CF: 6,163,234,816 bytes free
Après-CF: 6,733,651,968 bytes free

241 --- E O F --- 2008-12-18 00:34:09
0
chimay8 Posts 7947 Status Security contributor 60
 
good,

your log is very interesting

Download UsbFix to your desktop

--> Run the installation with the default settings

Plug the external data sources that may have been infected into your PC (USB stick, external hard drive, etc...), without opening them.

--> Double-click the UsbFix shortcut on your desktop

--> Choose the cleaning option

--> The PC will restart

--> After the restart, post the UsbFix.txt report

Note: the UsbFix.txt report is saved at the root of the disk
Note: If the Desktop doesn't reappear, press Ctrl + Alt + Del, "File" tab, "New task", type explorer.exe and confirm!

/!\ "Process.exe", a component of the tool, is detected by some antivirus products (AntiVir, Dr.Web, Kaspersky Anti-Virus) as a RiskTool.
It is not a virus, but a utility designed to terminate processes.
In the wrong hands, this utility could stop security software (Antivirus, Firewall...), hence the alert raised by these antivirus products.
0
djjs
 
Wow, from what I see you're one of the programmers of this software lol?? hats off!


-------------- UsbFix V2.414 ---------------

* User : Jean-Sebastien - JS
* Outils mis a jours le 09/01/2009 par Chiquitine29 et Chimay8
* Recherche effectuée à 1:30:26 le Sat 01/10/2009
* Windows Xp - Internet Explorer 7.0.5730.11


--------------- [ Processus actifs ] ----------------


C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\WINDOWS\system32\logonui.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\wudfhost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\Explorer.EXE

--------------- [ Informations lecteurs ] ----------------

C: - Fixed Drive

E: - Removable Drive

F: - Fixed Drive


+- Contenu de l'autorun : E:\autorun.inf

[autorun]
;qiydtbgvfdokwfsafieybetmblcpxusscbfdqslcxygsvcjtusdznboehgto
shellexecute="resycled\boot.com e:"
;yoxdrodogmalqv
shell\Open\command="resycled\boot.com e:"
;sezzvurndzxrvplrrdbeiuhnyflxsqzuwbufdgqmzdmcqyvgocffwgmrfzqulddasqlxfpmumcl
shell=

+- Contenu de l'autorun : F:\autorun.inf

[autorun]
;taaxddlaacbugldkpyupvczrqmqwrzmwydhztjdzbqmhunjwbzlmvpgstaf
shellexecute="resycled\boot.com f:"
;coszlilgv
shell\Open\command="resycled\boot.com f:"
;ianvmcxygkkawwxakghqfwsclhtslqutcbtekvuz
shell=Open
;axohdvvgtoqkxfeomiwktujlvmudpifkpa

--------------- [ Lecteur C ] ----------------

C: - Fixed Drive


+- Listing des fichiers présents :

[02/04/2008 08:47 AM][---hs----] C:\AUTOEXEC.BAT
[08/10/2004 12:00 PM][-rahs----] C:\NTDETECT.COM
[10/12/2008 10:32 AM][--a------] C:\HJT.exe
[01/08/2009 11:03 PM][-rahs----] C:\boot.ini
[12/25/2008 01:01 AM][--a------] C:\abserial.txt
[12/25/2008 01:01 AM][--a------] C:\CKINFO.TXT
[12/25/2008 01:01 AM][--a------] C:\ComboFix.txt
[12/25/2008 01:01 AM][--a------] C:\dxlog.txt
[12/25/2008 01:01 AM][--a------] C:\rapport.txt
[12/25/2008 01:01 AM][--a------] C:\UsbFix.txt
[02/15/2006 03:38 PM][--a------] C:\CONFIG.SYS
[02/15/2006 03:38 PM][--a------] C:\hiberfil.sys
[02/15/2006 03:38 PM][--a------] C:\IO.SYS
[02/15/2006 03:38 PM][--a------] C:\MSDOS.SYS
[02/15/2006 03:38 PM][--a------] C:\pagefile.sys

--------------- [ Lecteur E ] ----------------

E: - Removable Drive


+- Listing des fichiers présents :

[11/23/2007 12:57 PM][-rahs----] E:\kinza.exe
[01/09/2009 09:04 AM][-r-hs----] E:\autorun.inf

--------------- [ Lecteur F ] ----------------

F: - Fixed Drive


+- Listing des fichiers présents :

[09/21/2004 09:04 AM][-rahs----] F:\NTDETECT.COM
[09/21/2004 09:11 AM][-rahs----] F:\BOOT.INI
[01/09/2009 09:04 AM][-r-hs----] F:\autorun.inf
[09/28/2008 07:16 AM][--a------] F:\hors.de.prix.french.dvdscr.xvid-horsdeprix.txt
[08/17/2008 06:49 PM][--ahs----] F:\hiberfil.sys
[08/17/2008 06:49 PM][--ahs----] F:\IO.SYS
[08/17/2008 06:49 PM][--ahs----] F:\MSDOS.SYS
[08/17/2008 06:49 PM][--ahs----] F:\pagefile.sys

--------------- [ Registre / Startup ] ----------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Start Page"="https://fr.yahoo.com/"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
MsnMsgr="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
ctfmon.exe=C:\WINDOWS\system32\ctfmon.exe
SpybotSD TeaTimer=C:\Program Files\Spybot\TeaTimer.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
igfxtray=C:\WINDOWS\system32\igfxtray.exe
igfxhkcmd=C:\WINDOWS\system32\hkcmd.exe
igfxpers=C:\WINDOWS\system32\igfxpers.exe
ehTray=C:\WINDOWS\ehome\ehtray.exe
THotkey=C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
SynTPEnh=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
Tvs=C:\Program Files\Toshiba\Tvs\TvsTray.exe
TPSMain=TPSMain.exe
avgnt="C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
ZoneAlarm Client="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
QuickTime Task="C:\Program Files\QuickTime\qttask.exe" -atboottime
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents=
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL=
Installed=1
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI=
Installed=1
NoChange=1
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS=
Installed=1

--------------- [ Registre / Mountpoint2 ] ----------------

Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{009481ed-0eff-11dd-ad80-00130289d7c4}\Shell\AutoRun\command
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{009481ed-0eff-11dd-ad80-00130289d7c4}\Shell\explore\Command
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{009481ed-0eff-11dd-ad80-00130289d7c4}\Shell\open\Command
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0a4deddf-787c-11db-9535-00130289d7c4}\Shell\AutoRun\command
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0a4dede0-787c-11db-9535-00130289d7c4}\Shell\AutoRun\command
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{136e8d58-23f1-11dc-963b-00130289d7c4}\Shell\AutoRun\command
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{502d5c52-9c02-11dd-ae26-00130289d7c4}\Shell\AutoRun\command
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{502d5c52-9c02-11dd-ae26-00130289d7c4}\Shell\explore\Command
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{502d5c52-9c02-11dd-ae26-00130289d7c4}\Shell\open\Command
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{66597937-a7a6-11dd-ae32-00130289d7c4}\Shell\AutoRun\command
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8931acc7-8004-11dd-adff-00130289d7c4}\Shell\AutoRun\command
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8931acc7-8004-11dd-adff-00130289d7c4}\Shell\open\Command
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9c42d4ea-cee4-11dd-8f6d-00130289d7c4}\Shell\AutoRun\command
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9c42d4ea-cee4-11dd-8f6d-00130289d7c4}\Shell\explore\Command
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9c42d4ea-cee4-11dd-8f6d-00130289d7c4}\Shell\open\Command
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ee18f921-b49e-11dc-96de-00130289d7c4}\Shell\AutoRun\command
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ee18f921-b49e-11dc-96de-00130289d7c4}\Shell\open\Command

--------------- [ Nettoyage des disques ] ----------------

Supprimé ! - [01/30/2007 08:08 PM][--a--c---] C:\WINDOWS\system32\tmp.txt
E:\autorun.inf ~> fichier appelé : "E:\"resycled\boot.com e:"" ( absent ! )
F:\autorun.inf ~> fichier appelé : "F:\"resycled\boot.com f:"" ( absent ! )
Supprimé ! - [01/09/2009 09:01 AM][-r-hs----] E:\resycled\boot.com
Supprimé ! - [01/09/2009 09:04 AM][-r-hs----] E:\autorun.inf
Supprimé ! - [01/09/2009 09:01 AM][dr-hs----] E:\resycled
Supprimé ! - [01/09/2009 09:01 AM][-r-hs----] F:\resycled\boot.com
Supprimé ! - [01/09/2009 09:04 AM][-r-hs----] F:\autorun.inf
Supprimé ! - [01/10/2009 01:31 AM][dr-hs----] F:\resycled

--------------- [ Resumé ] ----------------

-> /!\ Le resultat doit etre interprété par un spécialiste /!\

[02/04/2008 08:47 AM][---hs----] C:\AUTOEXEC.BAT
[08/10/2004 12:00 PM][-rahs----] C:\NTDETECT.COM
[10/12/2008 10:32 AM][--a------] C:\HJT.exe
[01/08/2009 11:03 PM][-rahs----] C:\boot.ini
[11/23/2007 12:57 PM][-rahs----] E:\kinza.exe
[09/21/2004 09:04 AM][-rahs----] F:\NTDETECT.COM
[09/21/2004 09:11 AM][-rahs----] F:\BOOT.INI

--------------- [ Vaccination ] ----------------

C:\autorun.inf -> Dossier autorun.inf crée par UsbFix !
E:\autorun.inf -> Dossier autorun.inf crée par UsbFix !
F:\autorun.inf -> Dossier autorun.inf crée par UsbFix !

--------------- ! Fin du rapport ! ----------------
0
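The UsbFix report above records two things for E: and F:: an autorun.inf whose `shellexecute` and `shell\Open\command` directives point at `resycled\boot.com` on the drive itself (padded with random `;` comment lines), and a "vaccination" step that leaves a directory named autorun.inf at each drive root. The following Python script is an added example, not UsbFix's own code and not from the thread: it parses an autorun.inf, flags only the directives that would launch a program, and implements the directory-based vaccination. `SAMPLE_AUTORUN` is constructed, modelled on the E: contents in the report.

```python
r"""Autorun.inf triage and vaccination, in the spirit of the UsbFix report.

Added example, not UsbFix's own code. SAMPLE_AUTORUN is constructed, modelled
on the E: autorun.inf shown in the report; the ';' lines are random padding
the worm inserts to defeat naive signature matching.
"""
import os
import re
import tempfile

# Directives under [autorun] that make XP-era AutoRun/AutoPlay start a program.
EXEC_KEYS = {"open", "shellexecute"}
SHELL_CMD_RE = re.compile(r"^shell\\[^\\]+\\command$")

SAMPLE_AUTORUN = r"""[autorun]
;qiydtbgvfdokwfsafieybetmblcpxusscbfdqslcxygsvcjtusdznboehgto
shellexecute="resycled\boot.com e:"
;yoxdrodogmalqv
shell\Open\command="resycled\boot.com e:"
;sezzvurndzxrvplrrdbeiuhnyflxsqzuwbufdgqmzdmcqyvgocffwgmrfzqulddasqlxfpmumcl
shell=Open
icon=%SystemRoot%\system32\shell32.dll,4
"""


def parse_autorun(text):
    """Return the [autorun] section as a list of (key, value) pairs.

    Hand-written rather than configparser-based so that junk comment lines,
    repeated keys and odd whitespace (typical of worm-generated files) never
    abort parsing. Surrounding double quotes are stripped from values.
    """
    entries = []
    in_autorun = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";") or line.startswith("#"):
            continue
        if line.startswith("[") and line.endswith("]"):
            in_autorun = line[1:-1].strip().lower() == "autorun"
            continue
        if in_autorun and "=" in line:
            key, _, value = line.partition("=")
            entries.append((key.strip(), value.strip().strip('"')))
    return entries


def find_launch_directives(text):
    r"""Return (key, value) pairs that would start a program when the drive is opened.

    The worm sets both 'shellexecute' and 'shell\Open\command' so that
    double-clicking the drive and choosing Open both run boot.com; benign
    keys such as 'icon', 'label' or the bare 'shell=Open' verb are ignored.
    """
    hits = []
    for key, value in parse_autorun(text):
        k = key.lower()
        if value and (k in EXEC_KEYS or SHELL_CMD_RE.match(k)):
            hits.append((key, value))
    return hits


def launch_targets(text):
    """Distinct files the launch directives try to run, relative to the drive root."""
    targets = []
    for _, value in find_launch_directives(text):
        target = value.split()[0]
        if target not in targets:
            targets.append(target)
    return targets


def vaccinate(drive_root):
    """Create a directory named autorun.inf at the drive root.

    A file cannot be created with the same name as an existing directory, so
    the worm can no longer drop its autorun.inf; this is the trick behind the
    'Vaccination' section of the report. Returns True if the directory was
    created, False if it already existed, and raises if a real autorun.inf
    file is still present (clean first, then vaccinate).
    """
    path = os.path.join(drive_root, "autorun.inf")
    if os.path.isfile(path):
        raise RuntimeError("autorun.inf file still present; remove it before vaccinating")
    if os.path.isdir(path):
        return False
    os.mkdir(path)
    return True


def is_vaccinated(drive_root):
    """True when the drive root carries the autorun.inf directory."""
    return os.path.isdir(os.path.join(drive_root, "autorun.inf"))


def vaccination_demo():
    """Vaccinate a scratch directory twice; returns (first, second, vaccinated)."""
    root = tempfile.mkdtemp(prefix="usb_root_")
    first = vaccinate(root)
    second = vaccinate(root)
    return first, second, is_vaccinated(root)


if __name__ == "__main__":
    for key, value in find_launch_directives(SAMPLE_AUTORUN):
        print(f"launch directive: {key} = {value}")
    print("targets:", launch_targets(SAMPLE_AUTORUN))
    print("vaccination demo:", vaccination_demo())
```

On a real drive the directives would be cross-checked against the files actually present (the report shows `resycled\boot.com` existing on both E: and F: until UsbFix removed it); the parser above deliberately flags the directive whether or not the target exists, since a dangling launch entry is still evidence the drive was touched by the worm. Setting hidden/read-only attributes on the vaccination directory, as UsbFix does, is Windows-specific and left out here.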
chimay8 Posts 7947 Status Security contributor 60
 
good

send me a new HijackThis report please
0
djjs
 
Here it is, I hope everything's better now ;-)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:57:03 PM, on 1/11/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\crypserv.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\WINDOWS\system32\oodag.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Toshiba\Tvs\TvsTray.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\Spybot\TeaTimer.exe
C:\WINDOWS\system32\RAMASST.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\HJT.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://online-search.c.la/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\Spybot\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Tvs] C:\Program Files\Toshiba\Tvs\TvsTray.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot\TeaTimer.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Spybot\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Spybot\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.toshibadirect.com/dpdstart
O16 - DPF: {05D96F71-87C6-11D3-9BE4-00902742D6E0} (Lotus Quickr Class) - http://e.absparis.com/qp2.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by126fd.bay126.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - https://www.eset.com/
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Crypkey License - CrypKey (Canada) Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SonicStage Back-End Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
0
djjs
 
Okay, I've just posted the HijackThis report, but I think it needs to be fished out or something like that lol! Thanks
0
chimay8 Posts 7947 Status Security contributor 60
 
What is E:? Is it a USB key?

Go to this site:
https://www.virustotal.com/gui/
or here
https://virusscan.jotti.org/

Click "Browse" or "Choose" (depending on the site) and locate this file: E:\kinza.exe
Click "Send File" or "Submit" (depending on the site).
A report will be built up line by line.
Wait for it to finish. It should include the size of the file sent.
Save the report with Notepad.
Copy it into your reply.
0
djjs
 
Ah yeah, I really didn't think there would be a virus in there, it's an XD memory card from my camera...
Here's the report..

File kinza.exe_ received on 01.11.2009 16:56:11 (CET)
Current status: Loading ... queued waiting scanning finished NOT FOUND STOPPED


Result: 32/38 (84.22%)
Loading server information...
Your file is queued in position: 2.
Estimated start time is between 46 and 66 seconds.
Do not close the window until scan is complete.
The scanner that was processing your file is stopped at this moment, we are going to wait a few seconds to try to recover your result.
If you are waiting for more than five minutes you have to resend your file.
Your file is being scanned by VirusTotal in this moment,
results will be shown as they're generated.
Compact Print results
Your file has expired or does not exists.
Service is stopped in this moments, your file is waiting to be scanned (position: ) for an undefined time.

You can wait for web response (automatic reload) or type your email in the form below and click "request" so the system sends you a notification when the scan is finished.
Email:


Antivirus Version Last Update Result
a-squared 4.0.0.73 2009.01.11 Worm.VBS.Autorun.i!IK
AhnLab-V3 2009.1.10.0 2009.01.11 -
AntiVir 7.9.0.54 2009.01.10 Worm/Autorun.dpc
Authentium 5.1.0.4 2009.01.10 VBS/Autorun.I
Avast 4.8.1281.0 2009.01.11 VBS:AutoRun-G
AVG 8.0.0.229 2009.01.10 VBS/Worm.S
BitDefender 7.2 2009.01.11 Generic.ScriptWorm.AD7BD255
CAT-QuickHeal 10.00 2009.01.09 -
ClamAV 0.94.1 2009.01.11 Worm.VBS.Autorun-7
Comodo 915 2009.01.11 Worm.VBS.AutoRun.P
DrWeb 4.44.0.09170 2009.01.11 VBS.Generic.578
eSafe 7.0.17.0 2009.01.11 VBS.Vote.b1
eTrust-Vet 31.6.6301 2009.01.10 Win32/MultiDropper.DG
F-Prot 4.4.4.56 2009.01.10 VBS/Autorun.I
F-Secure 8.0.14470.0 2009.01.11 Worm.VBS.Autorun.i
Fortinet 3.117.0.0 2009.01.11 -
GData 19 2009.01.11 Generic.ScriptWorm.AD7BD255
Ikarus T3.1.1.45.0 2009.01.11 Worm.VBS.Autorun.i
K7AntiVirus 7.10.584 2009.01.09 VBS.AutoRun.AKD
Kaspersky 7.0.0.125 2009.01.11 Worm.VBS.Autorun.i
McAfee 5491 2009.01.10 potentially unwanted program Generic PUP
McAfee+Artemis 5491 2009.01.10 potentially unwanted program Generic PUP
Microsoft 1.4205 2009.01.11 Worm:VBS/Autorun.I
NOD32 3756 2009.01.10 VBS/AutoRun.P
Norman 5.99.02 2009.01.09 Malware.BODP
Panda 9.4.3.3 2009.01.11 Application/Starr.B
PCTools 4.4.2.0 2009.01.11 Packed/nPack
Prevx1 V2 2009.01.11 -
Rising 21.11.62.00 2009.01.11 Worm.Script.VBS.Autorun.c
SecureWeb-Gateway 6.7.6 2009.01.11 Worm.Autorun.dpc
Sophos 4.37.0 2009.01.11 W32/Isetspy-C
Sunbelt 3.2.1831.2 2009.01.09 Monitor.Win32.ActMon
Symantec 10 2009.01.11 Spyware.ActMon
TheHacker 6.3.1.4.217 2009.01.10 -
TrendMicro 8.700.0.1004 2009.01.09 VBS_AUTORUN.AKD
VBA32 3.12.8.10 2009.01.10 suspected of Trojan-PSW.Game.57 (paranoid heuristics)
ViRobot 2009.1.10.1553 2009.01.10 -
VirusBuster 4.5.11.0 2009.01.10 Packed/nPack
Additional information
File size: 822254 bytes
MD5...: 58f07390f4475c062763c65640f90bd0
SHA1..: cc59be5fbebd90ecd292efd3f9cac42cac0bced0
SHA256: de420f3fb8b1f4016c7d96cf0c96378c7085d897923330c3e3a4a31518426646
SHA512: a38fadd99dd77ee4d10a936808f85d6d556290ce1f7ce8eab7d6ec5f3f3665e6
2ba367b154acdc511f0b403ea23fe72cce73edd7be05df314c83dcfc9b6f5f81

ssdeep: 24576:LZjcVvrzHtyS6l2TYTn+7n4II74xBJJyGl6:LiV/t36GXnRIqJa

PEiD..: -
TrID..: File type identification
WinRAR Self Extracting archive (95.7%)
Win32 Executable Generic (1.5%)
Win32 Dynamic Link Library (generic) (1.4%)
Win32 Executable Watcom C++ (generic) (0.4%)
Generic Win/DOS Executable (0.3%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x401000
timedatestamp.....: 0x44298d14 (Tue Mar 28 19:23:00 2006)
machinetype.......: 0x14c (I386)

( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x13000 0x12e00 5.71 c80c07980428a16a1d8a1989d98305a1
.data 0x14000 0x7000 0xa00 4.73 9fd76b328774df0f236bd2fe03136f99
.idata 0x1b000 0x1000 0x1000 5.05 c274ffd22986d8fbe298e4856812e616
.rsrc 0x1c000 0x4000 0x3c00 3.70 800413887bfc873888714456e89d65ec

( 8 imports )
> ADVAPI32.DLL: AdjustTokenPrivileges, LookupPrivilegeValueA, OpenProcessToken, RegCloseKey, RegCreateKeyExA, RegOpenKeyExA, RegQueryValueExA, RegSetValueExA, SetFileSecurityA, SetFileSecurityW
> KERNEL32.DLL: CloseHandle, CompareStringA, CreateDirectoryA, CreateDirectoryW, CreateFileA, CreateFileW, DeleteFileA, DeleteFileW, DosDateTimeToFileTime, ExitProcess, ExpandEnvironmentStringsA, FileTimeToLocalFileTime, FileTimeToSystemTime, FindClose, FindFirstFileA, FindFirstFileW, FindNextFileA, FindNextFileW, FindResourceA, FreeLibrary, GetCPInfo, GetCommandLineA, GetCurrentDirectoryA, GetCurrentProcess, GetDateFormatA, GetFileAttributesA, GetFileAttributesW, GetFileType, GetFullPathNameA, GetLastError, GetLocaleInfoA, GetModuleFileNameA, GetModuleHandleA, GetNumberFormatA, GetProcAddress, GetProcessHeap, GetStdHandle, GetTempPathA, GetTickCount, GetTimeFormatA, GetVersionExA, GlobalAlloc, HeapAlloc, HeapFree, HeapReAlloc, IsDBCSLeadByte, LoadLibraryA, LocalFileTimeToFileTime, MoveFileA, MoveFileExA, MultiByteToWideChar, ReadFile, SetCurrentDirectoryA, SetEndOfFile, SetEnvironmentVariableA, SetFileAttributesA, SetFileAttributesW, SetFilePointer, SetFileTime, SetLastError, Sleep, SystemTimeToFileTime, WaitForSingleObject, WideCharToMultiByte, WriteFile, lstrcmpiA, lstrlenA
> COMCTL32.DLL: -
> COMDLG32.DLL: CommDlgExtendedError, GetOpenFileNameA
> GDI32.DLL: DeleteObject
> SHELL32.DLL: SHBrowseForFolderA, SHChangeNotify, SHFileOperationA, SHGetFileInfoA, SHGetMalloc, SHGetSpecialFolderLocation, ShellExecuteExA, SHGetPathFromIDListA
> USER32.DLL: CharToOemA, CharToOemBuffA, CharUpperA, CopyRect, CreateWindowExA, DefWindowProcA, DestroyIcon, DestroyWindow, DialogBoxParamA, DispatchMessageA, EnableWindow, EndDialog, FindWindowExA, GetClassNameA, GetClientRect, GetDlgItem, GetDlgItemTextA, GetMessageA, GetParent, GetSysColor, GetSystemMetrics, GetWindow, GetWindowLongA, GetWindowRect, GetWindowTextA, IsWindow, IsWindowVisible, LoadBitmapA, LoadCursorA, LoadIconA, LoadStringA, MapWindowPoints, MessageBoxA, OemToCharA, OemToCharBuffA, PeekMessageA, PostMessageA, RegisterClassExA, SendDlgItemMessageA, SendMessageA, SetDlgItemTextA, SetFocus, SetMenu, SetWindowLongA, SetWindowPos, SetWindowTextA, ShowWindow, TranslateMessage, UpdateWindow, WaitForInputIdle, wsprintfA, wvsprintfA
> OLE32.DLL: CLSIDFromString, CoCreateInstance, CreateStreamOnHGlobal, OleInitialize, OleUninitialize

( 0 exports )

packers (Authentium): RAR, RAR, RAR, RAR, RAR, RAR, RAR, RAR
packers (F-Prot): RAR
packers (Kaspersky): NPack, NPack, NPack, NPack, NPack, NPack
0
chimay8 Posts 7947 Status Security contributor 60
 
okay... I have a feeling there's going to be a UsbFix update just for you!!!

do this please

Download random's system information tool (RSIT) by random/random and save it to the desktop.
http://images.malwareremoval.com/random/RSIT.exe
Double-click RSIT.exe to launch RSIT.
Click Continue on the Disclaimer screen.
If HijackThis (up-to-date version) is not present or not detected on the computer, RSIT will download it (allow access in your firewall if asked) and you will have to accept the licence.
When the analysis is finished, two text files will open. Post the contents of log.txt (<< which will be displayed)
as well as info.txt (<< which will be minimised to the taskbar).
NB: the reports are saved in the C:\rsit folder
0
djjs
 
Done, I've posted them!
0
chimay8 Posts 7947 Status Security contributor 60
 
I don't see your message,
if it doesn't go through, raise an alert with the moderators (conciergerie) by clicking the yellow triangle on the left
0
djjs
 
and the Info

info.txt logfile of random's system information tool 1.05 2009-01-11 17:05:37

======Uninstall list======

Visual Link Spanish(tm) - CD-ROM-->MsiExec.exe /I{B42417BD-A1DF-4F2B-BE6F-C53E8A5C01D1}
-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
-->Dummy
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B4BB1D52-679A-4CBA-8C8D-53244F10CF71}\SETUP.EXE" -l0x9 UNINSTALL
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
3nity Video Convert 2.1-->C:\Documents and Settings\Jean-Sebastien\My Documents\My Videos\convert\Uninstal.exe
Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Photoshop 7.0-->C:\WINDOWS\ISUN040C.EXE -f"C:\Program Files\Adobe\Photoshop 7.0\Uninst.isu" -c"C:\Program Files\Adobe\Photoshop 7.0\Uninst.dll"
Adobe Reader 7.0.9-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70900000002}
Applian FLV Player-->"C:\WINDOWS\Applian FLV Player\uninstall.exe" "/U:C:\Downloads\Uninstall\uninstall.xml"
ASIO4ALL-->C:\Program Files\Fruityloops7\ASIO4ALL v2\uninstall.exe
Avira AntiVir Personal - Free Antivirus-->C:\Program Files\AntiVir PersonalEdition Classic\SETUP.EXE /REMOVE
BestPractice (remove only)-->"C:\Downloads\BestPractice\uninstall.exe"
BitTorrent 5.0.7-->"C:\Program Files\BitTorrent\uninstall.exe"
Black & White® 2-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D9E52CD1-9DF1-4A8A-9BDC-1E5E53982F2B}\setup.exe" -l0x9 -removeonly
Blue Cat's Chorus - VST-->MsiExec.exe /I{C174C180-8076-403E-B357-DF2AA070F235}
Blue Cat's FreqAnalyst - VST-->MsiExec.exe /I{190B20A2-7335-4B1E-98BB-8DA0E253676F}
Blue Cat's Gain Suite - VST-->MsiExec.exe /I{AD93941C-7319-4A1B-B98C-4A5E43112F5B}
Blue Cat's Phaser - VST-->MsiExec.exe /I{E491A0CF-05E2-457B-B1F6-E3981FDCA3FC}
Blue Cat's Stereo Chorus - VST-->MsiExec.exe /I{41F37482-8CC9-4802-890D-CDF224F7D9D4}
Blue Cat's Stereo Flanger - VST-->MsiExec.exe /I{B7D2A8BD-A9E4-4F79-BB34-6D4AA0BAE249}
BlueCat's Digital Peak Meter - VST-->MsiExec.exe /I{A70F1409-C199-46A3-958F-BBD125A86524}
Bluetooth Monitor 2-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{61539202-097E-487E-9237-B291AB56D54C}\setup.exe" -l0x9 -removeonly
BSPlayer-->"C:\Documents and Settings\Jean-Sebastien\My Documents\My Videos\BSPlayer\uninstall.exe"
Camera Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D1B3874F-3057-11D6-B2EA-0050BA18806B}\Setup.exe"
CardRecovery-->C:\PROGRA~1\PHOTOR~1\CARDRE~1\UNWISE.EXE C:\PROGRA~1\PHOTOR~1\CARDRE~1\INSTALL.LOG
Carmageddon II Carpocalypse Now-->C:\WINDOWS\IsUninst.exe -f"c:\documents and settings\jean-sebastien\my documents\games\carmageddon 2\carmageddon 2\Uninst.isu"
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
CD/DVD Drive Acoustic Silencer-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}\Setup.exe" -l0x9
Cossacks - European Wars-->C:\WINDOWS\uncsetup.exe
dBpoweramp DSP Effects-->"C:\WINDOWS\system32\SpoonUninstall.exe" <uninstall>C:\WINDOWS\system32\SpoonUninstall-dBpoweramp DSP Effects.dat
dBpoweramp m4a Codec-->"C:\WINDOWS\system32\SpoonUninstall.exe" <uninstall>C:\WINDOWS\system32\SpoonUninstall-dBpoweramp m4a Codec.dat
dBpoweramp Music Converter-->"C:\WINDOWS\system32\SpoonUninstall.exe" <uninstall>C:\WINDOWS\system32\SpoonUninstall-dBpoweramp Music Converter.dat
dBpoweramp Windows Media Audio 10 Codec-->"C:\WINDOWS\system32\SpoonUninstall.exe" <uninstall>C:\WINDOWS\system32\SpoonUninstall-dBpoweramp Windows Media Audio 10 Codec.dat
DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Converter-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
DVD-RAM Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9D765FA6-F2BC-40AF-8145-50808F9BDF4E}\setup.exe" -l0x9 DVD-RAM Driver
eMule-->"C:\Program Files\eMule\Uninstall.exe"
ESET Online Scanner-->C:\WINDOWS\system32\OnlineScannerUninstaller.exe
EZdrummer-->MsiExec.exe /I{43E8D9E7-AFC9-4BA3-8106-B95E02B87AB7}
EZXCocktail-->MsiExec.exe /I{147567F0-8575-4BE0-B5B3-62706C67FA5A}
EZXDfh-->MsiExec.exe /I{DB1299AF-9EE0-422B-959E-F4171B2AE0F7}
Far Cry-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{D6DBDC2A-E72C-4284-B6AD-6B3B61B4DABC}
Fenix Pack 2.8.1-->"c:\Fenix\unins000.exe"
FL Studio 7-->C:\Program Files\Fruityloops7\uninstall.exe
Foto-Mosaik 4.1.0-->C:\Downloads\Foto-Mosaik\unins000.exe
Google Earth-->MsiExec.exe /I{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}
Guitar Pro 5.2-->"C:\Program Files\Guitar Pro 5\unins000.exe"
High Definition Audio Driver Package - KB888111-->"C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
HijackThis 2.0.2-->"E:\Virus\HijackThis.exe" /uninstall
Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 10 (KB903157)-->"C:\WINDOWS\$NtUninstallKB903157$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
IGN Rando-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll<UNINSTALL_CMD>
IL Download Manager-->C:\Program Files\Image-Line\Downloader\uninstall.exe
Intel(R) Graphics Media Accelerator Driver-->RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx2ID PCI\VEN_8086&DEV_27A6 PCI\VEN_8086&DEV_27A2
Intel(R) PRO Network Connections Drivers-->Prounstl.exe
Intel(R) PROSet/Wireless Software-->C:\WINDOWS\Installer\iProInst.exe
InterVideo WinDVD Creator 2-->"C:\Program Files\InstallShield Installation Information\{2FCE4FC5-6930-40E7-A4F1-F862207424EF}\setup.exe" REMOVEALL
InterVideo WinDVD for TOSHIBA-->"C:\Program Files\InstallShield Installation Information\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}\setup.exe" REMOVEALL
iriver plus 3 (remove only)-->"C:\Program Files\iriver\iriver plus 3\uninstall.exe"
IsoBuster 1.9.1-->"C:\Program Files\IsoBuster\Uninst\unins000.exe"
J2SE Runtime Environment 5.0 Update 4-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150040}
K!TV-->C:\Program Files\K!TV\UninstKTV.exe
Macromedia Flash Player 8-->MsiExec.exe /X{6815FCDD-401D-481E-BA88-31B4754C2B46}
MAGIX Music Manager (F)-->C:\MAGIX\Music_Manager\instslct.exe
MAGIX Music Studio 12 deluxe 12.0.2.0 (US)-->C:\Program Files\MAGIX\MusicStudio12deluxe\instslct.exe
MAGIX music studio 2006 deLuxe (F)-->C:\MAGIX\ms2006_deLuxe\instslct.exe
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes Anti-Malware\unins000.exe"
mCore-->MsiExec.exe /I{E81667C6-2856-46D6-ABEA-6A2F42166779}
mDrWiFi-->MsiExec.exe /I{F6090A17-0967-4A8A-B3C3-422A1B514D49}
Medal of Honor Pacific Assault(tm)-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{56CFA833-F44F-4199-8C58-7F8B38F2BC7B}\Setup.exe" -l0x9 -removeonly
MediaCoder 0.6.1-->C:\Documents and Settings\Jean-Sebastien\My Documents\C902\MediaCoder\uninst.exe
MeuhMeuhTV 3.0.0.5-->"C:\Program Files\MeuhMeuhTV\unins000.exe"
mHelp-->MsiExec.exe /I{8C6BB412-D3A8-4AAE-A01B-35B681789D68}
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5-->"C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe"
Microsoft LifeCam-->MsiExec.exe /X{63AFACBC-4795-4A1B-8037-5085DC03FC54}
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office OneNote 2003-->MsiExec.exe /I{91A10409-6000-11D3-8CFE-0150048383C9}
Microsoft Office XP Professional with FrontPage-->MsiExec.exe /I{90280409-6000-11D3-8CFE-0050048383C9}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Microsoft Works-->MsiExec.exe /I{6D52C408-B09A-4520-9B18-475B81D393F1}
mIWA-->MsiExec.exe /I{3E9D596A-61D4-4239-BD19-2DB984D2A16F}
mLogView-->MsiExec.exe /I{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}
mMHouse-->MsiExec.exe /I{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}
MMTVConfig (désinstallation seulement)-->C:\Program Files\MeuhMeuhTV\MMTVConfig\cfguninst.exe
Modilo Setup-->MsiExec.exe /I{EDF99BB2-2042-487B-92B5-ACB1C8EB5B4B}
Mp3 Tag Tools v1.2-->"C:\Documents and Settings\Jean-Sebastien\My Documents\Iriver X20\Mp3TagToolsv12\uninstall.exe"
mPfMgr-->MsiExec.exe /I{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}
mPfWiz-->MsiExec.exe /I{90B0D222-8C21-4B35-9262-53B042F18AF9}
mProSafe-->MsiExec.exe /I{23FB368F-1399-4EAC-817C-4B83ECBE3D83}
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 Parser and SDK-->MsiExec.exe /I{716E0306-8318-4364-8B8F-0CC4E9376BAC}
mWlsSafe-->MsiExec.exe /I{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}
mXML-->MsiExec.exe /I{9CC89556-3578-48DD-8408-04E66EBEF401}
MyPhoneExplorer-->C:\Documents and Settings\Jean-Sebastien\My Documents\C902\MyPhoneExplorer\uninstall.exe
mZConfig-->MsiExec.exe /I{94658027-9F16-4509-BBD7-A59FE57C3023}
Native Instruments FM7 v1.10.006-->C:\PROGRA~1\FLSTUD~1\Plugins\Fruity\GENERA~1\FM7\UNWISE.EXE C:\PROGRA~1\FLSTUD~1\Plugins\Fruity\GENERA~1\FM7\INSTALL.LOG
Need For Speed II-->C:\WINDOWS\iun3401.exe c:\documents and settings\jean-sebastien\my documents\games\Nfs2
O&O Defrag Professional Edition-->MsiExec.exe /I{53480330-E1D1-41CA-B8F8-7F78644F7F50}
Office 2003 Trial Assistant-->MsiExec.exe /I{47D2103B-FD51-4017-9C20-DD408B17D726}
OLYMPUS Master 2-->MsiExec.exe /X{CBC85F2E-1981-4C55-9418-908D08D2C6E8}
OpenMG Limited Patch 4.7-07-14-05-01-->C:\Program Files\Common Files\Sony Shared\OpenMG\HotFixes\HotFix4.7-07-14-05-01\HotFixSetup\setup.exe /u
OpenMG Secure Module 4.7.00-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1150\INTEL3~1\IDriver.exe /M{CCD663AE-610D-4BDF-AAB0-E914B044527D} UNINSTALL
PC Inspector File Recovery-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0DD140D3-9563-481E-AA75-BA457CBDAEF2}\Setup.exe" -l0x40c
PC Inspector smart recovery-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C9A87D86-FDFD-418B-BF96-EF09320973B3}\Setup.exe" -l0x40c
PhotoRescue Pro 4.4.2-->C:\Program Files\PhotoRescue Pro\uninst.exe
Photosynth 2.0.1403.12-->MsiExec.exe /X{556EEE74-6788-4292-8252-8B17E2C7952A}
Pop-Up Stopper Free Edition-->C:\PROGRA~1\POP-UP~1\UNWISE.EXE C:\PROGRA~1\POP-UP~1\INSTALL.LOG
QuickTime-->MsiExec.exe /I{95A890AA-B3B1-44B6-9C18-A8F7AB3EE7FC}
Real Alternative 1.8.4-->"C:\Program Files\Real Alternative\unins000.exe"
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x9 -removeonly
Registry Mechanic 7.0-->"C:\Downloads\Registry Mechanic\unins000.exe"
Sam & Max - Culture Shock 1.0-->C:\Program Files\Sam & Max\Sam & Max - Culture Shock\Uninstall Sam & Max - Culture Shock.exe
Sam and Max - Abe Lincoln Must Die 1.0-->C:\Program Files\Sam & Max\Sam and Max - Abe Lincoln Must Die\Uninstall Sam and Max - Abe Lincoln Must Die.exe
Sam and Max - Bright Side of the Moon 1.0-->C:\Program Files\Sam & Max\Sam and Max - Bright Side of the Moon\Uninstall Sam and Max - Bright Side of the Moon.exe
Sam and Max - Reality 2.0 1.0-->C:\Program Files\Sam & Max\Sam and Max - Reality 2.0\Uninstall Sam and Max - Reality 2.0.exe
Sam and Max - Situation Comedy 1.0-->C:\Program Files\Sam & Max\Sam and Max - Situation Comedy\Uninstall Sam and Max - Situation Comedy.exe
Sam and Max - The Mole, The Mob and the Meatball 1.0-->C:\Program Files\Sam & Max\Sam and Max - The Mole, The Mob and the Meatball\Uninstall Sam and Max - The Mole, The Mob and the Meatball.exe
Savvy TV-->MsiExec.exe /I{99C2BB71-62FC-47C1-8571-7C1AE7328520}
ScummVM 0.9.1-->"C:\Program Files\ScummVM\unins000.exe"
SD Secure Module-->MsiExec.exe /X{C45F4811-31D5-4786-801D-F79CD06EDD85}
SecondLife (remove only)-->"C:\Program Files\SecondLife\uninst.exe" /P="SecondLife"
Security Update for Windows Internet Explorer 7 (KB928090)-->"C:\WINDOWS\ie7updates\KB928090-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB931768)-->"C:\WINDOWS\ie7updates\KB931768-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB933566)-->"C:\WINDOWS\ie7updates\KB933566-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB937143)-->"C:\WINDOWS\ie7updates\KB937143-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB939653)-->"C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
sfArk-->C:\MAGIX\soundfont\SFPack\uninstall.exe
SFPack-->C:\MAGIX\SOUNDF~1\SFPack\SFPACK.EXE /uninstall
Silent Hill 2-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D3C80E77-E549-4F76-BC07-61DDBD950345}\setup.exe"
Sonic DLA-->MsiExec.exe /I{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
Sonic Encoders-->MsiExec.exe /I{9941F0AA-B903-4AF4-A055-83A9815CC011}
Sonic Implants - 7' Stereo Grand Piano for SB Cards-->C:\MAGIX\SOUNDF~1\PIANOI~1\UNINST~1.EXE C:\MAGIX\SOUNDF~1\PIANOI~1\SBStereoPiano.LOG
Sonic RecordNow!-->MsiExec.exe /I{9541FED0-327F-4DF0-8B96-EF57EF622F19}
SonicStage 4.3-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A0EB195B-5876-48E6-879D-33D4B2102610}\setup.exe" -l0x9 UNINSTALL -removeonly
SPSS 14.0 for Windows Integrated Student Version-->MsiExec.exe /X{8736C276-6B2E-4E42-85CF-E372CFF97F08}
Spybot - Search & Destroy-->"C:\Program Files\Spybot\unins000.exe"
Stellar Phoenix Photo Recovery v3.0-->"C:\Program Files\PhotoRescue Pro\Stellar Phoenix Photo Recovery\unins000.exe"
Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
Terragen-->MsiExec.exe /I{CCEB53A5-A252-4CF3-8602-429AB06BF0AE}
Texas Instruments PCIxx21/x515/xx12 drivers.-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{4497AFF6-98C4-4F49-B073-F48F42BCBF9E} /l1033
The Movies(TM)-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{0556F885-2415-4666-B53E-33727E46AEA1} /l1033
TOSHIBA Assist-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{12B3A009-A080-4619-9A2A-C6DB151D8D67}\Setup.exe" -l0x9
TOSHIBA ConfigFree-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BDD83DC9-BEE9-4654-A5DA-CC46C250088D}\setup.exe" -l0x9 UNINSTALL
TOSHIBA Controls-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A6690C0E-B96E-4F0F-A8EB-D5B332454AC6}\Setup.exe" -l0x9 UNINSTALL
TOSHIBA Hotkey Utility-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{64DD71BC-3109-4C88-9AD3-D5422644B722}\setup.exe" -l0x9
TOSHIBA PC Diagnostic Tool-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\TOSHIBA\PCDiag\Uninst.isu"
TOSHIBA Power Saver-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\TOSHIBA\Power Saver\Uninst.isu" -c"C:\WINDOWS\system32\TPSDel.dll"
TOSHIBA SD Memory Card Format-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{48CF9A66-5F03-4025-ABD0-B3A3FA095A59}\Setup.exe"
TOSHIBA Software Modem-->Tosmreg -U
TOSHIBA Software Upgrades-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{425A2BC2-AA64-4107-9C29-484245BBEA05}\setup.exe"
TOSHIBA Speech System Applications-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EE033C1F-443E-41EC-A0E2-559B539A4E4D}\Setup.exe" -l0x9
TOSHIBA Speech System SR Engine(U.S.) Version1.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{008D69EB-70FF-46AB-9C75-924620DF191A}\Setup.exe" -l0x9 UNINSTALL
TOSHIBA Speech System TTS Engine(U.S.) Version1.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3FBF6F99-8EC6-41B4-8527-0A32241B5496}\Setup.exe" -l0x9
TOSHIBA TouchPad ON/Off Utility-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{69BE47C2-36FE-4397-8199-85D8EAE69982}\setup.exe" -l0x9
TOSHIBA TV Tuner 4.0.12.73-->C:\Program Files\AVerMedia\TOSHIBA TV Tuner\uninst.exe
TOSHIBA Utilities-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{78C68CB9-3DF5-44F3-AB9D-FA305C5EB85C}\setup.exe" -l0x9
TOSHIBA Virtual Sound-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8B12BA86-ADAC-4BA6-B441-FFC591087252}\Setup.exe" /uninstall
TOSHIBA Zooming Utility-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{64212898-097F-4F3F-AECA-6D34A7EF82DF}\Setup.exe"
Update for Windows Media Player 10 (KB910393)-->"C:\WINDOWS\$NtUninstallKB910393$\spuninst\spuninst.exe"
Update for Windows Media Player 10 (KB913800)-->"C:\WINDOWS\$NtUninstallKB913800$\spuninst\spuninst.exe"
Update for Windows Media Player 10 (KB926251)-->"C:\WINDOWS\$NtUninstallKB926251$\spuninst\spuninst.exe"
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update Rollup 2 for Windows XP Media Center Edition 2005-->C:\WINDOWS\$NtUninstallKB900325$\spuninst\spuninst.exe
Update Service-->C:\Documents and Settings\Jean-Sebastien\My Documents\C902\Update Service\uninst.exe
UsbFix-->C:\Program Files\UsbFix\Uninstal.exe
VeohTV BETA-->C:\Program Files\InstallShield Installation Information\{0405E51E-9582-4207-8F38-AC44201D3808}\setup.exe -runfromtemp -l0x0409
VeohTV BETA-->C:\Program Files\InstallShield Installation Information\{97A96172-A963-4A37-9FFB-DA6805BB915A}\setup.exe -runfromtemp -l0x0409
VeohTV BETA-->C:\Program Files\InstallShield Installation Information\{EE5A24F2-06D7-4FFC-B9CF-F87EBE7B77CA}\setup.exe -runfromtemp -l0x0409
VideoLAN VLC media player 0.8.5-freehd-->C:\Program Files\VLC\uninstall.exe
Viewpoint Media Player-->C:\Program Files\Viewpoint\Viewpoint Media Player\mtsAxInstaller.exe /u
VirtuallyJenna-2.017.002 (Cracked)-->MsiExec.exe /I{9AB77E48-5BAF-4EBA-A88B-40CAF43F237E}
Visual Link Spanish(tm) - Pronunciation-->MsiExec.exe /I{7232B3D6-A079-4CCB-B4E9-D697F07D13E4}
Voices of the Apocalypse-->C:\WINDOWS\IsUninst.exe -f"c:\documents and settings\jean-sebastien\my documents\voices of the apocalypse\votautilitysetup\Uninst.isu"
VSO Image Resizer 1.0.7c-->"C:\Program Files\Image Resizer\unins000.exe"
Waldorf.Attack.v1.2-OxYGeN-->C:\WINDOWS\WALDA\UNWISE.EXE C:\WINDOWS\WALDA\INSTALL.LOG
WD Firewire HID Driver-->MsiExec.exe /X{FD6C6B7F-5696-48C5-A601-2EE9E50C3D46}
Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Live installer-->MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
Windows Live Messenger-->MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0}
Windows Live Photo Gallery-->MsiExec.exe /X{2D4F6BE3-6FEF-4FE9-9D01-1406B220D08C}
Windows Live Sign-in Assistant-->MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows XP Media Center Edition 2005 KB888316-->C:\WINDOWS\$NtUninstallKB888316$\spuninst\spuninst.exe
Windows XP Media Center Edition 2005 KB894553-->C:\WINDOWS\$NtUninstallKB894553$\spuninst\spuninst.exe
Windows XP Media Center Edition 2005 KB895678-->C:\WINDOWS\$NtUninstallKB895678$\spuninst\spuninst.exe
Windows XP Media Center Edition 2005 KB925766-->"C:\WINDOWS\$NtUninstallKB925766$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinHTTrack Website Copier 3.41-2-->"C:\Program Files\WinHTTrack\unins000.exe"
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
Worms Blast-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8874FD36-7C9D-4573-8956-E368D6753D90}\Setup.exe"
XP Tools Pro 6.3-->"C:\Program Files\XP Tools\unins000.exe"
YouTUBE (TM) movie downloader-->MsiExec.exe /X{2F8BE445-D14C-40E2-AF62-E43539FD1500}
YouTube Downloader 2.4-->"C:\Documents and Settings\Jean-Sebastien\My Documents\My Videos\YouTube Downloader\unins000.exe"
ZoneAlarm-->C:\Program Files\Zone Labs\ZoneAlarm\zauninst.exe

======Hosts File======

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com

======Security center information======

AV: Avira AntiVir PersonalEdition (outdated)
FW: ZoneAlarm Firewall

System event log

Computer Name: JS
Event Code: 4201
Message: The system detected that network adapter \DEVICE\TCPIP_{1E44E343-AA40-42F9-9A92-D8A1D8C8334F} was connected to the network,
and has initiated normal operation over the network adapter.

Record Number: 5
Source Name: Tcpip
Time Written: 20081225094211.000000+000
Event Type: information
User:

Computer Name: JS
Event Code: 3100
Message: The Microsoft IPv6 Developer Edition driver was started.

Record Number: 4
Source Name: Tcpip6
Time Written: 20081225094209.000000+000
Event Type: information
User:

Computer Name: JS
Event Code: 19
Message: Intel(R) PRO/100 VE Network Connection driver has been started

Record Number: 3
Source Name: E100B
Time Written: 20081225094209.000000+000
Event Type: information
User:

Computer Name: JS
Event Code: 6005
Message: The Event log service was started.

Record Number: 2
Source Name: EventLog
Time Written: 20081225094203.000000+000
Event Type: information
User:

Computer Name: JS
Event Code: 6009
Message: Microsoft (R) Windows (R) 5.01. 2600 Service Pack 3 Multiprocessor Free.

Record Number: 1
Source Name: EventLog
Time Written: 20081225094203.000000+000
Event Type: information
User:

Application event log

Computer Name: JS
Event Code: 4113
Message:
Record Number: 18331
Source Name: Avira AntiVir
Time Written: 20081022213259.000000+000
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: JS
Event Code: 4113
Message:
Record Number: 18330
Source Name: Avira AntiVir
Time Written: 20081022213259.000000+000
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: JS
Event Code: 4113
Message:
Record Number: 18329
Source Name: Avira AntiVir
Time Written: 20081022213253.000000+000
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: JS
Event Code: 4113
Message:
Record Number: 18328
Source Name: Avira AntiVir
Time Written: 20081022213253.000000+000
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: JS
Event Code: 4113
Message:
Record Number: 18327
Source Name: Avira AntiVir
Time Written: 20081022213250.000000+000
Event Type: warning
User: NT AUTHORITY\SYSTEM

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\Program Files\QuickTime\QTSystem
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 14 Stepping 8, GenuineIntel
"PROCESSOR_REVISION"=0e08
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"CLASSPATH"=.;C:\Program Files\Java\jre1.5.0_04\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.5.0_04\lib\ext\QTJava.zip
"tvdumpflags"=8

-----------------EOF-----------------
0
djjs
 
hmmm, I get the impression it's the log that won't go through..
0
djjs
 
log part 2

======List of files/folders created in the last 1 months======

2009-01-11 17:05:05 ----D---- C:\Program Files\trend micro
2009-01-11 17:05:04 ----D---- C:\rsit
2009-01-10 01:32:03 ----HD---- C:\autorun.inf
2009-01-10 01:30:26 ----A---- C:\UsbFix.txt
2009-01-10 00:27:16 ----D---- C:\Program Files\UsbFix
2009-01-09 10:34:11 ----SHD---- C:\RECYCLER
2009-01-09 08:25:36 ----D---- C:\Program Files\Spybot
2009-01-09 08:25:36 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2009-01-08 23:39:31 ----D---- C:\WINDOWS\temp
2009-01-08 23:39:26 ----A---- C:\ComboFix.txt
2009-01-08 23:03:33 ----A---- C:\Boot.bak
2009-01-08 23:03:29 ----RASHD---- C:\cmdcons
2009-01-08 22:39:11 ----A---- C:\WINDOWS\zip.exe
2009-01-08 22:39:11 ----A---- C:\WINDOWS\VFIND.exe
2009-01-08 22:39:11 ----A---- C:\WINDOWS\SWXCACLS.exe
2009-01-08 22:39:11 ----A---- C:\WINDOWS\SWSC.exe
2009-01-08 22:39:11 ----A---- C:\WINDOWS\SWREG.exe
2009-01-08 22:39:11 ----A---- C:\WINDOWS\sed.exe
2009-01-08 22:39:11 ----A---- C:\WINDOWS\NIRCMD.exe
2009-01-08 22:39:11 ----A---- C:\WINDOWS\grep.exe
2009-01-08 22:39:11 ----A---- C:\WINDOWS\fdsv.exe
2009-01-05 09:15:20 ----D---- C:\WINDOWS\system32\oodag
2009-01-05 09:03:53 ----D---- C:\Program Files\OO Software
2008-12-26 22:28:52 ----D---- C:\WINDOWS\ERDNT
2008-12-26 22:28:52 ----D---- C:\Qoobox
2008-12-26 13:38:19 ----D---- C:\WINDOWS\ERUNT
2008-12-26 13:30:30 ----A---- C:\WINDOWS\ntbtlog.txt
2008-12-26 13:19:20 ----D---- C:\SDFix
2008-12-23 10:42:49 ----A---- C:\WINDOWS\system32\Gif89.dll
2008-12-23 10:42:49 ----A---- C:\WINDOWS\system32\DartWeb.dll
2008-12-23 10:42:49 ----A---- C:\WINDOWS\system32\DartSock.dll
2008-12-23 10:42:48 ----A---- C:\WINDOWS\system32\VB5DB.DLL
2008-12-23 10:34:55 ----A---- C:\WINDOWS\oodcnt.INI
2008-12-23 09:00:13 ----A---- C:\WINDOWS\system32\BASSMOD.dll
2008-12-23 09:00:04 ----D---- C:\Program Files\PhotoRescue Pro
2008-12-22 00:17:25 ----D---- C:\Program Files\Microsoft Silverlight
2008-12-12 19:19:33 ----HDC---- C:\WINDOWS\$NtUninstallKB955839$
2008-12-12 19:15:13 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
2008-12-12 19:13:07 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
2008-12-12 19:12:45 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2008-12-12 09:25:52 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2008-12-12 09:25:08 ----HDC---- C:\WINDOWS\$NtUninstallKB954459$
2008-12-12 09:24:50 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$

======List of files/folders modified in the last 1 months======

2009-01-11 17:05:19 ----D---- C:\WINDOWS\Prefetch
2009-01-11 17:05:05 ----AD---- C:\Program Files
2009-01-11 16:38:49 ----A---- C:\WINDOWS\MusicStudio.INI
2009-01-11 16:38:45 ----A---- C:\WINDOWS\win.ini
2009-01-11 16:05:44 ----D---- C:\WINDOWS
2009-01-11 14:10:30 ----D---- C:\WINDOWS\Internet Logs
2009-01-11 13:54:30 ----D---- C:\Program Files\AntiVir PersonalEdition Classic
2009-01-11 13:54:25 ----D---- C:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition Classic
2009-01-11 13:51:56 ----A---- C:\WINDOWS\ModemLog_TOSHIBA Software Modem.txt
2009-01-11 13:51:39 ----D---- C:\WINDOWS\system32\DLA
2009-01-10 13:03:30 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-01-10 11:37:26 ----D---- C:\Documents and Settings\Jean-Sebastien\Application Data\Vso
2009-01-10 01:31:24 ----AD---- C:\WINDOWS\system32
2009-01-10 01:29:00 ----D---- C:\WINDOWS\system32\CatRoot2
2009-01-09 10:20:19 ----D---- C:\WINDOWS\system32\FxsTmp
2009-01-09 08:23:42 ----D---- C:\Documents and Settings\Jean-Sebastien\Application Data\Lavasoft
2009-01-09 08:23:41 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2009-01-09 08:21:44 ----D---- C:\Downloads
2009-01-08 23:39:33 ----AD---- C:\WINDOWS\system32\drivers
2009-01-08 23:34:46 ----A---- C:\WINDOWS\system.ini
2009-01-08 23:23:58 ----D---- C:\WINDOWS\system32\config
2009-01-08 23:19:07 ----D---- C:\WINDOWS\AppPatch
2009-01-08 23:19:07 ----D---- C:\Program Files\Common Files
2009-01-08 23:03:33 ----RASH---- C:\boot.ini
2008-12-31 14:57:47 ----SD---- C:\Documents and Settings\Jean-Sebastien\Application Data\Microsoft
2008-12-30 00:46:58 ----D---- C:\WINDOWS\system32\Macromed
2008-12-29 10:42:39 ----D---- C:\Program Files\eMule
2008-12-26 16:05:13 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-12-26 12:03:55 ----D---- C:\backups
2008-12-26 11:11:00 ----A---- C:\WINDOWS\xptools.ini
2008-12-25 01:01:34 ----A---- C:\abserial.txt
2008-12-23 19:21:53 ----D---- C:\WINDOWS\Debug
2008-12-23 19:21:52 ----D---- C:\WINDOWS\Minidump
2008-12-23 11:18:22 ----D---- C:\Program Files\IsoBuster
2008-12-23 10:42:48 ----HD---- C:\Program Files\InstallShield Installation Information
2008-12-23 10:30:43 ----D---- C:\Program Files\PC Inspector File Recovery
2008-12-23 08:53:09 ----SD---- C:\WINDOWS\Downloaded Program Files
2008-12-18 20:18:14 ----HD---- C:\WINDOWS\inf
2008-12-18 00:33:55 ----D---- C:\WINDOWS\ie7updates
2008-12-18 00:33:07 ----HD---- C:\WINDOWS\$hf_mig$
2008-12-15 00:24:32 ----D---- C:\WINDOWS\Help
2008-12-13 06:40:02 ----A---- C:\WINDOWS\system32\mshtml.dll
2008-12-12 19:19:01 ----D---- C:\Program Files\Internet Explorer
2008-12-12 19:18:31 ----SHD---- C:\WINDOWS\Installer
2008-12-12 19:18:31 ----D---- C:\Config.Msi
2008-12-12 13:16:58 ----A---- C:\WINDOWS\BeatBox.INI
2008-12-12 09:23:59 ----D---- C:\WINDOWS\WinSxS
2008-12-12 02:44:39 ----D---- C:\Program Files\DivX

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 avgio;avgio; \??\C:\Program Files\AntiVir PersonalEdition Classic\avgio.sys []
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2008-12-26 75072]
R1 DLACDBHM;DLACDBHM; C:\WINDOWS\System32\Drivers\DLACDBHM.SYS [2005-08-25 5628]
R1 DLARTL_N;DLARTL_N; C:\WINDOWS\System32\Drivers\DLARTL_N.SYS [2005-08-25 22684]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 KLIF;KLIF; C:\WINDOWS\system32\DRIVERS\klif.sys [2007-07-19 127768]
R1 meiudf;meiudf; C:\WINDOWS\System32\Drivers\meiudf.sys [2005-06-02 102384]
R1 NetworkX;NetworkX; C:\WINDOWS\system32\ckldrv.sys [2003-07-29 28518]
R1 Tcpip6;Microsoft IPv6 Protocol Driver; C:\WINDOWS\system32\DRIVERS\tcpip6.sys [2008-06-20 225856]
R1 vsdatant;vsdatant; C:\WINDOWS\System32\vsdatant.sys [2007-12-13 394952]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.4.9.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2006-09-20 21275]
R2 DLABOIOM;DLABOIOM; C:\WINDOWS\System32\DLA\DLABOIOM.SYS [2005-10-06 25628]
R2 DLADResN;DLADResN; C:\WINDOWS\System32\DLA\DLADResN.SYS [2005-10-06 2496]
R2 DLAIFS_M;DLAIFS_M; C:\WINDOWS\System32\DLA\DLAIFS_M.SYS [2005-10-06 86524]
R2 DLAOPIOM;DLAOPIOM; C:\WINDOWS\System32\DLA\DLAOPIOM.SYS [2005-10-06 14684]
R2 DLAPoolM;DLAPoolM; C:\WINDOWS\System32\DLA\DLAPoolM.SYS [2005-10-06 6364]
R2 DLAUDF_M;DLAUDF_M; C:\WINDOWS\System32\DLA\DLAUDF_M.SYS [2005-10-06 87036]
R2 DLAUDFAM;DLAUDFAM; C:\WINDOWS\System32\DLA\DLAUDFAM.SYS [2005-10-06 94332]
R2 DRVNDDM;DRVNDDM; C:\WINDOWS\System32\Drivers\DRVNDDM.SYS [2005-08-12 40544]
R2 Netdevio;TOSHIBA Network Device Usermode I/O Protocol; C:\WINDOWS\system32\DRIVERS\netdevio.sys [2003-01-29 12032]
R2 s24trans;WLAN Transport; C:\WINDOWS\system32\DRIVERS\s24trans.sys [2005-11-28 13568]
R3 AgereSoftModem;TOSHIBA V92 Software Modem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [2005-11-15 1122656]
R3 avgntflt;avgntflt; \??\C:\Program Files\AntiVir PersonalEdition Classic\avgntflt.sys []
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 E100B;Intel(R) PRO Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2005-10-10 163328]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2005-11-28 1353820]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2005-12-10 4123136]
R3 LoopBeMidi1;nerds.de LoopBe1 - Internal Midi Port SvcDesc(WDM); C:\WINDOWS\system32\drivers\loopbe1.sys [2008-01-27 10880]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-13 79232]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2005-12-16 191936]
R3 tbiosdrv;Toshiba Logical Tbios Device; C:\WINDOWS\system32\DRIVERS\tbiosdrv.sys [2005-08-24 9472]
R3 tifm21;tifm21; C:\WINDOWS\system32\drivers\tifm21.sys [2005-11-30 162560]
R3 tunmp;Microsoft Tun Miniport Adapter Driver; C:\WINDOWS\system32\DRIVERS\tunmp.sys [2008-04-13 12288]
R3 TVALD;Toshiba Mobile PC Service; C:\WINDOWS\system32\DRIVERS\NBSMI.sys [2005-10-20 6144]
R3 Tvs;TOSHIBA Virtual Sound with SRS technologies; C:\WINDOWS\system32\DRIVERS\Tvs.sys [2005-11-30 43392]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 w39n51;Intel(R) PRO/Wireless 3945ABG Adapter Driver; C:\WINDOWS\system32\DRIVERS\w39n51.sys [2005-12-04 1428096]
S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
S3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 DSDrv4;DSDrv4; \??\C:\PROGRA~1\K!TV\Plugins\S_Bt8x8\DSDrv4.sys []
S3 e1express;Intel(R) PRO/1000 PCI Express Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e1e5132.sys [2005-09-14 179200]
S3 EAGLE2RC;Analog/DVB-T Hybrid Tv Infrared Receiver; C:\WINDOWS\system32\DRIVERS\Eagle2RC.sys [2006-05-24 8576]
S3 Eagle2TV;TV tuner device; C:\WINDOWS\System32\Drivers\eagle2tv_B.sys [2006-06-02 384128]
S3 EWAVE;EWAVE; \??\C:\WINDOWS\system32\drivers\ew.sys []
S3 FILESPY;FILESPY; \??\C:\WINDOWS\system32\drivers\FILESPY.sys []
S3 ggflt;SEMC USB Flash Driver Filter; C:\WINDOWS\system32\DRIVERS\ggflt.sys [2008-10-04 13352]
S3 ggsemc;SEMC USB Flash Driver; C:\WINDOWS\system32\DRIVERS\ggsemc.sys [2008-10-04 21672]
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 Iviaspi;IVI ASPI Shell; C:\WINDOWS\system32\drivers\iviaspi.sys [2003-09-11 21060]
S3 k750bus;Sony Ericsson 750 driver (WDM); C:\WINDOWS\system32\DRIVERS\k750bus.sys [2005-02-11 55216]
S3 k750mdfl;Sony Ericsson 750 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\k750mdfl.sys [2005-02-11 6576]
S3 k750mdm;Sony Ericsson 750 USB WMC Modem Drivers; C:\WINDOWS\system32\DRIVERS\k750mdm.sys [2005-02-11 89872]
S3 k750mgmt;Sony Ericsson 750 USB WMC Device Management Drivers; C:\WINDOWS\system32\DRIVERS\k750mgmt.sys [2005-02-11 81728]
S3 k750obex;Sony Ericsson 750 USB WMC OBEX Interface Drivers; C:\WINDOWS\system32\DRIVERS\k750obex.sys [2005-02-11 79488]
S3 MHNDRV;MHN driver; C:\WINDOWS\system32\DRIVERS\mhndrv.sys [2004-08-10 11008]
S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 MPE;BDA MPE Filter; C:\WINDOWS\system32\DRIVERS\MPE.sys [2008-04-13 15232]
S3 MR97310_USB_DUAL_CAMERA;MR97310 CIF Dual Mode Camera; C:\WINDOWS\system32\DRIVERS\mr97310c.sys [2002-12-13 129875]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 NETMDSHA;MDSHA031; C:\WINDOWS\System32\Drivers\MDSHA031.sys [2003-05-19 35331]
S3 NSTATION;NSTATION; \??\C:\WINDOWS\system32\drivers\nstation.sys []
S3 Pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2003-09-19 10368]
S3 sffdisk;SFF Storage Class Driver; C:\WINDOWS\system32\DRIVERS\sffdisk.sys [2008-04-13 11904]
S3 sffp_sd;SFF Storage Protocol Driver for SDBus; C:\WINDOWS\system32\DRIVERS\sffp_sd.sys [2008-04-13 11008]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2007-05-01 28352]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 tosrfec;Bluetooth ACPI from TOSHIBA; C:\WINDOWS\system32\DRIVERS\tosrfec.sys [2004-05-17 8573]
S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 VX1000;VX-1000; C:\WINDOWS\system32\DRIVERS\VX1000.sys [2007-04-10 1966312]
S3 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\DRIVERS\wanatw4.sys [2003-01-10 33588]
S3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-19 38528]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-29 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 6to4;IPv6 Helper Service; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 AntiVirScheduler;AntiVir PersonalEdition Classic Scheduler; C:\Program Files\AntiVir PersonalEdition Classic\sched.exe [2008-10-23 68865]
R2 AntiVirService;AntiVir PersonalEdition Classic Guard; C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe [2008-10-23 151297]
R2 CFSvcs;ConfigFree Service; C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [2005-01-18 40960]
R2 Crypkey License;Crypkey License; C:\WINDOWS\system32\crypserv.exe [2003-11-26 61440]
R2 DVD-RAM_Service;DVD-RAM_Service; C:\WINDOWS\system32\DVDRAMSV.exe [2004-08-28 110592]
R2 EvtEng;Intel(R) PROSet/Wireless Event Log; C:\Program Files\Intel\Wireless\Bin\EvtEng.exe [2005-11-28 114753]
R2 McrdSvc;Media Center Extender Service; C:\WINDOWS\ehome\mcrdsvc.exe [2005-08-05 99328]
R2 MSCamSvc;MSCamSvc; C:\Program Files\Microsoft LifeCam\MSCamS32.exe [2007-05-17 271720]
R2 O&O Defrag;O&O Defrag; C:\WINDOWS\system32\oodag.exe [2007-06-28 1049856]
R2 RegSrvc;Intel(R) PROSet/Wireless Registry Service; C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe [2005-11-28 217164]
R2 S24EventMonitor;Intel(R) PROSet/Wireless Service; C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe [2005-11-28 540745]
R2 Swupdtmr;Swupdtmr; c:\TOSHIBA\IVP\swupdate\swupdtmr.exe [2005-07-13 40960]
R2 TAPPSRV;TOSHIBA Application Service; C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe [2005-12-20 35328]
R2 vsmon;TrueVector Internet Monitor; C:\WINDOWS\system32\ZoneLabs\vsmon.exe [2007-12-13 75304]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-14 267776]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe []
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-13 69632]
S3 MHN;MHN; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
S3 MSCSPTISRV;MSCSPTISRV; C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe [2006-12-14 45056]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-04-26 138504]
S3 PACSPTISVR;PACSPTISVR; C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe [2006-12-13 57344]
S3 SonicStage Back-End Service;SonicStage Back-End Service; C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe [2007-02-05 112184]
S3 SPTISRV;Sony SPTI Service; C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe [2006-12-14 69632]
S3 SSScsiSV;SonicStage SCSI Service; C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe [2007-02-05 75320]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-19 913408]

-----------------EOF-----------------
0
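The header of the service list above spells out its encoding (R/S for running or stopped, 0 to 4 for the start type), and every entry follows one fixed layout. The following is an added example, not code from the page or from the tool that produced the log: it parses that layout into records and attaches a few triage flags a reviewer would use to decide which of the ~120 entries to look at first. The flag names, the list of "expected" directories and the sample lines (copied from the report above) are my own assumptions for the example; a flag is a prompt to verify, not a verdict.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# One line of the "List of services" section (the driver list uses the same layout):
#   <R|S><0-4> <name>;<display name>; <image path> [<yyyy-mm-dd> <size>]
# The bracketed part is empty ("[]") when the tool recorded no date or size.
LINE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4]) "
    r"(?P<name>[^;]*);(?P<display>[^;]*); "
    r"(?P<path>.*?) \[(?P<fileinfo>[^\]]*)\]\s*$"
)

STATE = {"R": "Running", "S": "Stopped"}
START = {"0": "Boot", "1": "System", "2": "Auto", "3": "Demand", "4": "Disabled"}

# Where a stock Windows XP install and normally installed software keep their
# service and driver images (assumption for this example). Anything elsewhere is
# worth a second look; it is not proof of anything, vendor tools land there too.
EXPECTED_DIRS = ("c:\\windows\\", "c:\\program files\\")


@dataclass
class ServiceEntry:
    state: str            # Running / Stopped
    start: str            # Boot / System / Auto / Demand / Disabled
    name: str             # service key name
    display: str          # display name
    path: str             # image path with any \??\ prefix removed
    date: Optional[str]   # file date as logged, None when "[]"
    size: Optional[int]   # file size as logged, None when "[]"
    flags: List[str] = field(default_factory=list)


def parse_line(line: str) -> Optional[ServiceEntry]:
    """Parse one log line; return None for headers, blanks and anything else."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    path = m.group("path")
    if path.startswith("\\??\\"):   # NT object-manager prefix, drop it
        path = path[4:]
    date = size = None
    info = m.group("fileinfo").split()
    if len(info) == 2 and info[1].isdigit():
        date, size = info[0], int(info[1])
    return ServiceEntry(STATE[m.group("state")], START[m.group("start")],
                        m.group("name"), m.group("display"), path, date, size)


def triage(entry: ServiceEntry) -> List[str]:
    """Attach review flags to an entry. Flags are prompts to verify, not verdicts."""
    flags = []
    if entry.date is None:
        # No timestamp/size was logged: confirm the image is really on disk. A
        # dangling service entry is also what a half-removed infection leaves behind.
        flags.append("no-file-info")
    if not entry.path.lower().startswith(EXPECTED_DIRS):
        # Textual check only: 8.3 short names such as C:\PROGRA~1 trip it too,
        # so resolve those before drawing conclusions.
        flags.append("unusual-location")
    if flags and entry.state == "Running" and entry.start in ("Boot", "System"):
        # A flagged image that loads before the shell deserves first attention.
        flags.append("early-load")
    entry.flags = flags
    return flags


def parse_report(text: str) -> List[ServiceEntry]:
    """Parse every service/driver line in the text and triage each one."""
    entries = []
    for line in text.splitlines():
        entry = parse_line(line)
        if entry:
            triage(entry)
            entries.append(entry)
    return entries


def flagged(entries: List[ServiceEntry]) -> Dict[str, List[str]]:
    """Map service name -> flags for every entry that picked up at least one."""
    return {e.name: e.flags for e in entries if e.flags}


# Constructed sample: six lines copied from the report above.
SAMPLE = r"""
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 avgio;avgio; \??\C:\Program Files\AntiVir PersonalEdition Classic\avgio.sys []
R1 NetworkX;NetworkX; C:\WINDOWS\system32\ckldrv.sys [2003-07-29 28518]
S3 DSDrv4;DSDrv4; \??\C:\PROGRA~1\K!TV\Plugins\S_Bt8x8\DSDrv4.sys []
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
R2 6to4;IPv6 Helper Service; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 Swupdtmr;Swupdtmr; c:\TOSHIBA\IVP\swupdate\swupdtmr.exe [2005-07-13 40960]
"""

if __name__ == "__main__":
    for name, flags in flagged(parse_report(SAMPLE)).items():
        print(f"{name:10s} {', '.join(flags)}")
```

Run it on the full log (paste the whole "List of services" block into `SAMPLE`) and review the flagged entries first; in the sample, the AntiVir filter driver is flagged only because the tool logged no file data for it, which a quick check of the path on disk settles.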
chimay8 Posts 7947 Status Security contributor 60
 
Good,

Uninstall UsbFix

then download it again

http://sd-1.archive-host.com/membres/up/116615172019703188/UsbFix.exe

--> Run the installer with the default settings

Plug the external storage devices that may have been infected (USB sticks, external hard drives, etc.) into your PC, without opening them.

--> Double-click the UsbFix shortcut on your desktop

--> Choose the cleanup option

--> The PC will restart

--> After the restart, post the UsbFix.txt report
0
djjs
 
This virus is the never-ending story lol!!
Here's the summary; it said that lots of accesses were denied, and also my PC didn't restart on its own, it hung on the Windows startup screen, I had to reboot it manually...

-------------- UsbFix V2.414 ---------------

* User : Jean-Sebastien - JS
* Tool updated on 09/01/2009 by Chiquitine29 and Chimay8
* Scan performed at 19:44:45 on Sun 01/11/2009
* Windows Xp - Internet Explorer 7.0.5730.11

--------------- [ Active processes ] ----------------

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\logonui.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe

--------------- [ Drive information ] ----------------

C: - Fixed Drive

D: - CD-ROM Drive

E: - Removable Drive

G: - Removable Drive

H: - Removable Drive

+- Autorun content : C:\autorun.inf

+- Autorun content : E:\autorun.inf

+- Autorun content : G:\autorun.inf

[autorun]
;ceotugppndnaoctlepvhyjtgjkmhgygpdhtewpzdhjgyiyquqvzleazdsmmkddlabrzzxuixsapmepdksdyi
shellexecute="resycled\boot.com g:"
;yvlaoffnspnkgxlykisrjfwtzqmztdlmfgylsfibzakffthronnfxjjybvghrgnadioqujyhlvsbsrwg
shell\Open\command="resycled\boot.com

+- Autorun content : H:\autorun.inf

[autorun]
;ffbyggsygrathdcpqwtcmkqcrzykighmqakgbewhxtfyzghygfcfgwsfaywohyhcxhndhqouevfxgjlgelurcvd
shellexecute="resycled\boot.com h:"
;ivcwlnxqiburyypdvsaapbexhiolzugfijaedoqntpbpbuoyjqhwuvjtamekqawptofijkqklpjfaqmsymwbihbpirpvvhrnu
shell\Open\comman

--------------- [ Drive C ] ----------------

C: - Fixed Drive

+- Listing of files present :

[02/04/2008 08:47 AM][---hs----] C:\AUTOEXEC.BAT
[08/10/2004 12:00 PM][-rahs----] C:\NTDETECT.COM
[10/12/2008 10:32 AM][--a------] C:\HJT.exe
[01/08/2009 11:03 PM][-rahs----] C:\boot.ini
[01/10/2009 01:32 AM][d--h-----] C:\autorun.inf
[12/25/2008 01:01 AM][--a------] C:\abserial.txt
[12/25/2008 01:01 AM][--a------] C:\CKINFO.TXT
[12/25/2008 01:01 AM][--a------] C:\ComboFix.txt
[12/25/2008 01:01 AM][--a------] C:\dxlog.txt
[12/25/2008 01:01 AM][--a------] C:\rapport.txt
[12/25/2008 01:01 AM][--a------] C:\UsbFix.txt
[02/15/2006 03:38 PM][--a------] C:\CONFIG.SYS
[02/15/2006 03:38 PM][--a------] C:\hiberfil.sys
[02/15/2006 03:38 PM][--a------] C:\IO.SYS
[02/15/2006 03:38 PM][--a------] C:\MSDOS.SYS
[02/15/2006 03:38 PM][--a------] C:\pagefile.sys

--------------- [ Drive D ] ----------------

D: - CD-ROM Drive

+- Listing of files present :

--------------- [ Drive E ] ----------------

E: - Removable Drive

+- Listing of files present :

[11/23/2007 12:57 PM][-rahs----] E:\kinza.exe
[01/10/2009 01:32 AM][d--h-----] E:\autorun.inf

--------------- [ Drive G ] ----------------

G: - Removable Drive

+- Listing of files present :

[01/09/2009 09:04 AM][-r-hs----] G:\autorun.inf
[01/01/1980 12:00 AM][--a------] G:\X20.SYS

--------------- [ Drive H ] ----------------

H: - Removable Drive

+- Listing of files present :

[11/23/2007 12:57 PM][-rahs----] H:\kinza.exe
[01/09/2009 09:04 AM][-r-hs----] H:\autorun.inf

--------------- [ Registry / Startup ] ----------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Start Page"="https://fr.yahoo.com/"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
MsnMsgr="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
ctfmon.exe=C:\WINDOWS\system32\ctfmon.exe
SpybotSD TeaTimer=C:\Program Files\Spybot\TeaTimer.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
igfxtray=C:\WINDOWS\system32\igfxtray.exe
igfxhkcmd=C:\WINDOWS\system32\hkcmd.exe
igfxpers=C:\WINDOWS\system32\igfxpers.exe
ehTray=C:\WINDOWS\ehome\ehtray.exe
THotkey=C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
SynTPEnh=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
Tvs=C:\Program Files\Toshiba\Tvs\TvsTray.exe
TPSMain=TPSMain.exe
avgnt="C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
ZoneAlarm Client="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
QuickTime Task="C:\Program Files\QuickTime\qttask.exe" -atboottime
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents=
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL=
Installed=1
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI=
Installed=1
NoChange=1
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS=
Installed=1

--------------- [ Registry / Mountpoint2 ] ----------------

Deleted ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{92bbc7b4-2463-11dd-ad9d-00130289d7c4}\Shell\AutoRun\command
Deleted ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{92bbc7b4-2463-11dd-ad9d-00130289d7c4}\Shell\open\Command
Deleted ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{92bbc7b5-2463-11dd-ad9d-00130289d7c4}\Shell\AutoRun\command

--------------- [ Disk cleanup ] ----------------

G:\autorun.inf ~> file called : "G:\"resycled\boot.com" ( present ! )
Deleted ! - G:\"resycled\boot.com
Deletion failed !! - [01/11/2009 07:46 PM] C:\autorun.inf
Deleted ! - [01/11/2009 07:46 PM][d--------] C:\autorun.inf
Deleted ! - [11/23/2007 12:57 PM][-rahs----] E:\kinza.exe
Deletion failed !! - [01/10/2009 01:32 AM] E:\autorun.inf
Deleted ! - [01/10/2009 01:32 AM][d--------] E:\autorun.inf
Deleted ! - [01/09/2009 09:04 AM][-r-hs----] G:\autorun.inf
Deleted ! - [12/23/2008 09:59 AM][dr-hs----] G:\resycled
Deleted ! - [11/23/2007 12:57 PM][-rahs----] H:\kinza.exe
Deleted ! - [01/09/2009 09:01 AM][-r-hs----] H:\resycled\boot.com
Deleted ! - [01/09/2009 09:04 AM][-r-hs----] H:\autorun.inf
Deleted ! - [12/23/2008 09:59 AM][dr-hs----] H:\resycled

--------------- [ Summary ] ----------------

-> /!\ The result must be interpreted by a specialist /!\

[02/04/2008 08:47 AM][---hs----] C:\AUTOEXEC.BAT
[08/10/2004 12:00 PM][-rahs----] C:\NTDETECT.COM
[10/12/2008 10:32 AM][--a------] C:\HJT.exe
[01/08/2009 11:03 PM][-rahs----] C:\boot.ini

--------------- [ Vaccination ] ----------------

C:\autorun.inf -> autorun.inf folder created by UsbFix !
E:\autorun.inf -> autorun.inf folder created by UsbFix !
G:\autorun.inf -> autorun.inf folder created by UsbFix !
H:\autorun.inf -> autorun.inf folder created by UsbFix !

--------------- ! End of report ! ----------------
0
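The report above shows the mechanism of the infection on the USB sticks: an autorun.inf on G: and H:, padded with junk comment lines, whose `shellexecute` and `shell\Open\command` entries point at `resycled\boot.com` on the stick itself, and the fix UsbFix applies at the end ("Vaccination"), which creates a folder named autorun.inf on each drive so that the worm can no longer write its file there. The following is an added example and not UsbFix's own code: a tolerant autorun.inf parser that flags auto-launch directives referencing an executable by a relative path (the pattern logged above), plus a check and a re-creation of the vaccination folder. The relative-path heuristic, the executable-extension list and the harmless sample are my assumptions (vendor CDs use the same `open=setup.exe` construct, so the heuristic is meant for removable media, not for judging every disc); the demo uses a temporary directory in place of a real drive root.

```python
import os
import re
import tempfile
from typing import Dict, List

# [autorun] directives that make Explorer run a program, either on insertion
# (open / shellexecute) or via the drive's context menu (shell\<verb>\command).
EXEC_KEYS = ("open", "shellexecute")
SHELL_CMD_RE = re.compile(r"^shell\\[^\\]+\\command$", re.IGNORECASE)
EXEC_EXT = (".exe", ".com", ".bat", ".cmd", ".pif", ".scr", ".vbs")


def parse_autorun(text: str) -> Dict[str, str]:
    """Tolerant parser: keeps key=value pairs under [autorun], skips the ';' lines the
    file above is padded with, survives a truncated line or an unbalanced quote."""
    directives: Dict[str, str] = {}
    in_autorun = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            in_autorun = line[1:-1].strip().lower() == "autorun"
        elif in_autorun and "=" in line:
            key, _, value = line.partition("=")
            directives[key.strip().lower()] = value.strip().strip('"')
    return directives


def launched_targets(directives: Dict[str, str]) -> List[str]:
    """Program each auto-launch directive would run (first token of its value; an
    unquoted path with spaces would be cut here, acceptable for triage)."""
    targets = []
    for key, value in directives.items():
        if (key in EXEC_KEYS or SHELL_CMD_RE.match(key)) and value.split():
            targets.append(value.split()[0])
    return targets


def assess(text: str) -> Dict[str, object]:
    """Flag the pattern seen above: an executable referenced by a relative path, i.e.
    one living on the removable medium itself (no drive letter, no UNC prefix)."""
    directives = parse_autorun(text)
    targets = launched_targets(directives)
    suspicious = [t for t in targets
                  if not re.match(r"^[a-zA-Z]:|^\\\\", t) and t.lower().endswith(EXEC_EXT)]
    return {"directives": directives, "targets": targets, "suspicious": suspicious}


def vaccination_state(drive_root: str) -> str:
    """'vaccinated' when autorun.inf is a folder (so the file cannot be created),
    'autorun-file' when a real autorun.inf is present, 'none' otherwise."""
    p = os.path.join(drive_root, "autorun.inf")
    if os.path.isdir(p):
        return "vaccinated"
    return "autorun-file" if os.path.isfile(p) else "none"


def vaccinate(drive_root: str) -> bool:
    """Create the autorun.inf folder, as UsbFix's Vaccination step does. True when
    created, False when already present; refuses to touch an existing file."""
    p = os.path.join(drive_root, "autorun.inf")
    if os.path.isdir(p):
        return False
    if os.path.isfile(p):
        raise FileExistsError(f"{p} is a file; clean it before vaccinating")
    os.mkdir(p)
    return True


# Constructed samples: G:\autorun.inf exactly as logged above, and a harmless one.
SAMPLE_AUTORUN = r"""[autorun]
;ceotugppndnaoctlepvhyjtgjkmhgygpdhtewpzdhjgyiyquqvzleazdsmmkddlabrzzxuixsapmepdksdyi
shellexecute="resycled\boot.com g:"
;yvlaoffnspnkgxlykisrjfwtzqmztdlmfgylsfibzakffthronnfxjjybvghrgnadioqujyhlvsbsrwg
shell\Open\command="resycled\boot.com
"""
BENIGN_AUTORUN = "[autorun]\nlabel=Photos 2008\nicon=photos.ico\n"


def demo_vaccination(text: str = SAMPLE_AUTORUN) -> Dict[str, object]:
    """Walk a scratch 'drive root' through the report's sequence: infected file found,
    removed, folder created, then a worm-style rewrite of autorun.inf is blocked."""
    root = tempfile.mkdtemp()
    p = os.path.join(root, "autorun.inf")
    seen: Dict[str, object] = {"before": vaccination_state(root)}
    with open(p, "w") as fh:
        fh.write(text)
    seen["infected"] = vaccination_state(root)
    os.remove(p)
    seen["created"] = vaccinate(root)
    seen["after"] = vaccination_state(root)
    try:
        with open(p, "w") as fh:       # what the worm would try next
            fh.write("[autorun]\n")
        seen["write_blocked"] = False
    except OSError:                    # IsADirectoryError on POSIX, PermissionError on Windows
        seen["write_blocked"] = True
    return seen
```

The folder trick only stops the worm from recreating the file; it does nothing about `kinza.exe` or `resycled\boot.com` already copied to the stick, which is why the cleanup section above deletes those first, and it does not protect a machine that has AutoRun enabled against a stick vaccinated nowhere.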
chimay8 Posts 7947 Status Security contributor 60
 
We're almost there

**Disable your antivirus, protection software and any software that may block pop-ups (Google toolbar, Yahoo toolbar etc.).**

Open Internet Explorer --> Tools --> Internet Options --> "Security" tab --> click "Default level".
Still in Internet Explorer --> Tools --> Internet Options --> "Advanced" tab --> click "Default settings".

Online scan with Kaspersky:
- https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr using Internet Explorer and not Firefox, it won't work!
- If you get lost, you can follow the online-scan guide https://www.malekal.com/scan-antivirus-ligne-nod32/#mozTocId291566

HELP: Configuring ActiveX controls < http://www.inoculer.com/activex.php3 >
Tutorial here if you have problems: http://www.vista-xp.fr/forum/topic109.html , or there: https://forum.pcastuces.com/sujet.asp?f=25&s=37641 (by Morgane & nico_dodo)

- When choosing the target to scan, click the Scan settings button
- In the new window, tick "extended" in the middle, then click OK.
- Choose My Computer as the scan target
- Copy/paste the scan report here

NOTE: If you get the message "The Kaspersky On-line Scanner licence has expired", go to Add/Remove Programs and uninstall On-Line Scanner,
then go back to the Kaspersky site to retry the online scan.
0